Open Source Alternative To Dropbox?

garry_g writes "While 'the cloud' may be one of the major buzzwords of the Internet industry, anybody concerned with security and privacy will most likely not touch it with a 10-foot pole. While I am guilty of using Dropbox for occasional data storage or quick picture snaps with my Android phone, I do watch out not to store anything important on there (or incriminating), no matter what the "privacy policy" may be. I was wondering: what useful alternative is there to Dropbox on the FOSS market, which will allow access by both windows/linux boxes, but also mobile devices (specifically Android). I know there are front-end add ons for Windows (and Linux tools of course) e.g. for SVN, but most likely no implementations for mobile use as far as I can tell... And, of course, the backend should run on a Linux box ;)"

Sparkleshare

[Moderator]

Sparkleshare is still under development, and it seems to have the most traction of any user-friendly project. When released, it will be the open-source Dropbox replacement.

I agree though, it's very hard to get rid of the convenience of Dropbox. Not just for saving files, but for syncing your configuration across machines (save your .dotFiles in ~/Dropbox and then symlink to ~/). But when they refuse to support the BSD's (2 out of the 4 machines I regularly work on), and their Linux implementation starting requiring disabling SELinux, they pretty much did it to themselves. Not to mention the whole thing where the Dropbox CTO admitted they could look at your files if they wanted.

Re:Sparkleshare

[jdray]

In Korea, only old people use Dropbox.

[Sorry, I haven't been around in a while...]

Re:Sparkleshare

[Baseclass]

It's been awhile indeed, that meme lasted about a week like 2 years ago.

Re:Sparkleshare

[Seumas]

Wow, you are way off. The "In Korea, Only Old People" meme is almost eight years old. It came from a story about how only old people used email in Korea around 2003 or 2004.

Re:Sparkleshare

[MightyMartian]

In Soviet Russia memes you!!!

Re:Sparkleshare

[CharlyFoxtrot]

By the time any of these open source projects push out anything worthwhile the world will have moved on and nobody will be looking for their clones. And even then they'll have none of the simplicity and ease of use of the originals, let alone the integration into other software. Seriously, when is the FOSS world going to take the lead on creating something cool for a change instead of rushing after the trend du jour ?

Re:Sparkleshare

[wed128]

Was it that long ago? i feel old...

Re:Sparkleshare

[tehniobium]

The SELinux issue appears to be a temporary bug. The thread you linked says: a) next version will have it fixed and b) gives you a one-liner for how to fix it yourself.

Re:Sparkleshare

[Lanteran]

Well, there's firefox which sorta restarted invention and progress in the browser world...

Re:Sparkleshare

I think you accidentally the whole meme

Re:Sparkleshare

[Jane+Q.+Public]

Um... let's see. There's Firefox, as already mentioned. And Linux. Ruby, and Rails. Apache. MySQL. PostgreSQL. The list is actually quite long, but that should be enough to make the point.

Re:Sparkleshare

[SanityInAnarchy]

Sparkleshare seems to use Git as a backend, which seems like a Really Bad Idea if you're trying to clone Dropbox. For one, purging old versions should be efficient and automatic.

Re:Sparkleshare

[Drooling+Iguana]

Yeah, only old people use the "only old people" meme.

Re:Sparkleshare

[Raenex]

There's Firefox, as already mentioned. And Linux. Ruby, and Rails. Apache. MySQL. PostgreSQL.

Firefox started out from old Netscape code, slashed and burned some features, and then copied ideas like tabs from other browsers. Still, at least it was an advancement past the ubiquitous IE6 of the time, so +1.

Linux was just a Unix clone. I can't think of any area where it stood out as driving innovation. If anything, it is often behind the curve and playing catchup.

Ruby/Rails: +1

Apache: +1

MySQL: Just a dumbed down version of a relational database.

PostgreSQL: Just a relational database, and usually behind the heavy-hitters in terms of features. Mainly notable for at least being competitive with the big, commercial databases.

Re:Sparkleshare

[KingMotley]

Well except none of those were new ideas, just commercial ideas that someone created an open source alternative, or the rare case, like firefox, that was a commercial product that went belly up and released the source over to an open source project.

Perhaps there are some out there, but none of those are examples.

Re:Sparkleshare

[Zebedeu]

Just a word of caution: the current version of Sparkleshare is using a public IRC channel for notifications.
There is, however, a way to configure your installation to use a private one: https://github.com/hbons/SparkleShare/wiki/Private-notification-server

They admit this is a security/privacy risk, and they're planning on getting a better synchronization system going sometime in the future, but at least for now there's this caveat.
I think it's only fair to warn potential users before they start this for private things.

That said, I have very high hopes for Sparkleshare, and I'm hoping to start testing it locally soon.

Re:Sparkleshare

[ArsonSmith]

naked and petrified?

covered in hot gritz.

yea I've been here a while.

Re:Sparkleshare

[Lemming+Mark]

Where did tabs come from? Opera?

The Linux kernel is a relatively fertile centre of innovation in operating systems stuff. Partly that comes in the form of researchers being able to implement their proof-of-concept ideas on an industrial-strength OS rather than a toy (and being able to publish their code in a usable form). Partly that's just in terms of cool features that get implemented in the mainline - my interests are particularly in filesystems and virtualisation and they are where Linux tends to be up there with or ahead of the leaders. Linux-based OSes OTOH; they do have some genuine innovation too but it's maybe less impressive.

I'm not actually sure where Apache is especially innovative because that's not my area.

I'd also add LLVM, gcc, Go, qemu, Android, Xen (admittedly that's a project I've worked on), git, Mercurial (again, personal connections), bzr, darcs ... maybe also Python. I'll stop but I think all of these (and more!) have shown some genuine innovation at the time; sometimes there's a commercial backer, sometimes not. I've tried to pick things which were always released to the wider world as open source, if you allow stuff that started closed there's even more.

Re:Sparkleshare

when is the FOSS world going to take the lead on creating something cool for a change

FOSS scratches itches, unless someone is paying for it. The only itches everyone has are the ones people tell them to have, usually through marketing like you get with commercial products.

There is a boatload of not-a-copy opensource code out there that is quite cool for the people who use them, just not to you. Servers, encryption tools (PGP was open source before it became commercial) and so on.

Re:Sparkleshare

[Drooling+Iguana]

Oog break head with open source CD!

Re:Sparkleshare

[TooMuchToDo]

Holy shit dude, you are aware that open source drives most of the world, right? Google? London Stock Exchange? The Large Hadron Collider? Linux. Most small consumer devices? Busybox linux or a variation thereof. You want a fucking app developed on top of the open tools? Get to it.

Re:Sparkleshare

[psm321]

The first web server was a commercial idea? The first web browser? The first GUI web browser? Well gee, I must've learned my history all wrong.

Re:Sparkleshare

[TooMuchToDo]

You do know that PostgreSQL drives the .ORG domain root, right? But heh, don't let that piss all over your parade.

Re:Sparkleshare

[Raenex]

You do know that PostgreSQL drives the .ORG domain root, right?

So? How does that contradict what I said?

Re:Sparkleshare

[TooMuchToDo]

"PostgreSQL: Just a relational database, and usually behind the heavy-hitters in terms of features. Mainly notable for at least being competitive with the big, commercial databases."

Just a relational database? As opposed to what, Oracle? At least you don't get raped financially when you want to run PostgreSQL. You want something groundbreaking? Fucking build it. Don't whine on Slashdot that there isn't building the groundbreaking open source software you want to see.

Re:Sparkleshare

[styrotech]

Jon Katz imagines beowulf clusters of old memes!

Re:Sparkleshare

[CharlyFoxtrot]

London stock exchange, that's the one whose computers keep crashing, right ?

"Simon Denham, founder of Capital Spreads, said; "It (trading) went down at 8.44 am. This happens on the LSE two or three times a year, but I can't remember it ever having been down this long.

"I don't know what excuse they will give - for the second biggest stock exchange in the world it's pretty poor.""

Re:Sparkleshare

[Grail]

You forgot Natalie Portman!

Re:Sparkleshare

[Raenex]

Just a relational database? As opposed to what, Oracle?

Yes, exactly. PostgreSQL is just playing catchup to the big, existing databases. They aren't driving innovation. That doesn't mean it isn't useful. It's typically behind on things like replication and other features.

The question was: "Seriously, when is the FOSS world going to take the lead on creating something cool for a change instead of rushing after the trend du jour ?"

Now I don't agree with that statement as a whole. I was just commenting on the specific examples given in the response.

Re:Sparkleshare

[CharlyFoxtrot]

I'll agree with the developer tools where FOSS is traditionally very strong. The rest were basically reimplementation of software that had stagnated and where open source software could catch up. Unix had stagnated so Linux was able to grow into a replacement for some use cases, firefox caught up because IE development had all but halted, relational databases are ancient tech, etc. I'm not complaining BTW, I use open sourced software literally every day both professionally and privately. I just wish there was more original thinking going on then "let's do what everyone else is doing with a 2-to-5 year lag.

Re:Sparkleshare

[CharlyFoxtrot]

my interests are particularly in filesystems and virtualisation and they are where Linux tends to be up there with or ahead of the leaders.

With respect, what open source filesystems do you actually find in the datacenter ? I look at our unix infrastructure and I see : VxFS, JFS2 and Zfs, in that order. As to virtualisation, IBM have been doing hypervisors for decades and I think they still take the lead by implementing such things as micro-partitioning, dynamic reconfiguration and live migration of virtual machines. Of course I'm not a researcher, but looking at what's out there in the field.

Re:Sparkleshare

I'm not the original poster, but, Well gee, perhaps you should pull your reading glasses out of your ass and put them on your face so you can read. Apache was not the first web server. Firefox was not the first web browser. So none of the projects mentioned were original, now were they?

As for the history of web browser and web servers, I suggest you read the 3rd link you gave, very first sentence. I'll even copy/paste it for you to make it even easier for you:
In 1984, expanding on ideas from futurist Ted Nelson, Neil Larson's commercial DOS Maxthink outline program

Don't let those pesky facts get in your way. The advent of the web server/browser was significant, but it wasn't original, borrowing ideas from 2 separate commercial products (HyperText and tcp/ip).

Re:Sparkleshare

[CharlyFoxtrot]

Well, you had Mozilla who had spent years rewriting their code only to push out a bloated hulk. Then Phoenix came along and basically wrote a light-weight shell on top of the browser engine and threw out all unnecessary non browser crap. Not very revolutionary (though a great browser at the time.) In facts the parts Mozilla pushed as being most revolutionary, like XUL, are the ones that really failed. I think if you look at real innovation in the browser space you'll find it either at the client side with AJAX, HTML5 (started by a consortium of Apple, the Mozilla Foundation and Opera Software), but especially Apple taking KHTML and using it to create webkit which spread everywhere. It's hard to imagine mobile browsing today without Webkit. So kudos to the KDE team for that.

Re:Sparkleshare

[KingMotley]

NCSA Mosiac, and CERN httpd were not in the list of projects Jane Q. Public mentioned.

Although, I do believe that CERN httpd started as a commercial project that was later made public domain rather than starting as an open source project, but I could be mistaken.

Re:Sparkleshare

[lennier]

And it was like, bleep bleep bleep, I am the pusher robot, and I was like, nu ma nu ma iei.

Re:Sparkleshare

[paitre]

*looks in his datacenter*
Ext3 is ubiquitous.... EXT4 is comin'. VERY few of the others around...

Re:Sparkleshare

[CharlyFoxtrot]

Educational institution or some kind of web hosting company ?

Re:Sparkleshare

[hey]

Sparkleshare requires Mono which seems like an unfortunate decision.

Re:Sparkleshare

[steveha]

Linux was just a Unix clone. I can't think of any area where it stood out as driving innovation.

It started out as a UNIX clone, but has lots of innovation going on under the hood. Subscribe to Linux Weekly News and read the kernel updates every week, and you will get a better feel for the innovation going on.

Note that IBM is pushing Linux. IBM used to push their own UNIX, AIX; but now they have taken all the best features from AIX and ported them to Linux. Can you think of any reason why IBM might have done that?

Linux has been a disruptive technology, and if it were such a blah "me-too" technology as you seem to think, I don't know why it would have been so disruptive.

PostgreSQL: Just a relational database, and usually behind the heavy-hitters in terms of features. Mainly notable for at least being competitive with the big, commercial databases.

Oracle: Just a relational database, and I hear it can be a real pain to work with it. Mainly notable for being well-supported and crazy expensive. See, this sort of negative comment even works on the industry leader.

Let's face it, SQL was invented in the 70's and every SQL database system is "just a relational database" with some combination of features and price.

And let's face it, mostly people just need a relational database that they can trust with their data. There are a few companies that have very specific needs that only Oracle can handle, but most would be just fine with PostgreSQL.

For innovation, how about NoSQL? For some purposes, these work better than SQL; for others, not; but you have to admit these are not "just another relational database".

In the area of desktop environments, GNOME 3 is doing something really different. Lots of people hate it, understand, but it's definitely a new environment. And I think Enlightenment was pushing the envelope a lot in the early days.

The GNOME 3 example shows that sometimes innovation is met with resistance. Some innovations are not popular and languish in obscurity (deserved or not). I think there are a lot of innovative open source projects you have never heard about. (I have a Python project I thought was pretty innovative, but the problem it solves doesn't seem to be a problem people have, because nobody seems to care. On the other hand, ElementTree is very popular and I would call it innovative; if you disagree, what exactly do you think ElementTree is a clone of?)

steveha

Re:Sparkleshare

[Lanteran]

Well there you go then! I just think the FOSS communities have built a lot more than you give them credit for.

Re:Sparkleshare

it's not a fix - it's a suggestion to disable code-on-stack execution protection for the whole dropbox executable, which just doesn't sound right no matter how "safe" they say it is.

Re:Sparkleshare

[Trifthen]

PostgreSQL: Just a relational database, and usually behind the heavy-hitters in terms of features. Mainly notable for at least being competitive with the big, commercial databases.

You may say this, but that's because you're not a DBA. PostgreSQL drives Skype, Pandora, Reddit, and IMDB for example. Working in the financial industry, we use it, and a few other companies I know of are converting away from SQL Server to PostgreSQL. Financial companies are especially prudent considering the liability concerns, and we do a metric assload of testing; we don't just convert for shits and giggles.

The PostgreSQL developer community is probably one of the best organized and responsive I've ever seen outside the Linux kernel. They have a major release almost yearly, and the 9.x branch is especially notable, since they're starting to include "enterprise" features. It's one of the few DBs that can regularly post equal or greater performance than Oracle, and it just keeps getting better. There are a number of reasons for this, but it all involves all the storage and memory architecture improvements they've been incorporating in the last few years.

Its popularity was never as high as MySQL because, as you said, MySQL isn't a real DB. It's easy to set up, and gets the job done without being quite as stripped-down as something like SQLite. For just whipping up a DB-driven website, it was dead simple, and with the popularity of PHP, so too did MySQL gain momentum.

And there's another very active project: PHP. Argue all you want about their design philosophy, but that language took the web by storm. Python and Ruby are similar in the regard to being highly active and groundbreaking open-source projects. Rails and Django are both huge sources of newer websites these days, and for good reason. Hell, even Drupal is being used by The Onion, and that's another huge Python community.

You could just as easily say Apache is "just a web server". Especially considering Lighttpd and NginX have both been outperforming it for years now. They may not count because they're not huge community projects, but they're more than viable and used by major sites. My company's site, for example, serves 120MB sustained traffic all day long serving a financial trading application, and we run both NginX and Apache on top of PostgreSQL. The DB alone serves 10,000 transactions per second (and can scale to about twice that on our hardware) just nicely at peak times.

What, exactly, does it take for a release to be considered "worthwhile"? Abandoning major commercial vendors? They're doing that. Scaling to huge usage? Reddit uses an entirely open-source stack including PostgreSQL, RabbitMQ, and Cassandra, and just broke 1.2B page views per month. Not just any page views, but fully threaded forums with a moderation system. I already mentioned Skype and Pandora. Sit up and take notice? They already started doing that.

The term "clone" is also pretty subjective. Lots of projects are spawned simultaneously, and the commercial product inevitably reaches the market first because of the paid developers that just work on it all day long. But when a FOSS project gets some momentum behind it, it really catches up in a big way.

FOSS projects individually have their warts. But the market is also littered with commercial software that is a clone of a clone of a clone, and is either out of business, or a product nobody wants. The aspect of being FOSS is not a differentiating factor in that regard. But the good software, both in the commercial and open-source world, lives on, and the really good examples are adopted with greater velocity as they mature. Criticize open-source all you want, but discounting the it as an also-ran is a giant mistake.

Re:Sparkleshare

[Raenex]

It started out as a UNIX clone, but has lots of innovation going on under the hood.

Feel free to point out specific examples where Linux that has been ahead of the curve. It seems to me that much of it's time has been spent chasing after Solaris.

Note that IBM is pushing Linux. IBM used to push their own UNIX, AIX; but now they have taken all the best features from AIX and ported them to Linux. Can you think of any reason why IBM might have done that?

Because Linux was free and good enough, and it was being adopted in droves on the backend. So IBM decided to support it, rather than be left behind.

Oracle: Just a relational database, and I hear it can be a real pain to work with it. Mainly notable for being well-supported and crazy expensive. See, this sort of negative comment even works on the industry leader.

That's fine, because I never claimed Oracle was especially innovative. However, PostgreSQL is still chasing them in the features department.

For innovation, how about NoSQL?

Sure, fine, and same for Gnome 3 or whatever. Note I never said open source can't be innovative, and in fact gave credit where I thought it was. I was only speaking to specific examples, not the class as a whole.

Re:Sparkleshare

[NateTech]

And your point is that text files and an "ndc reload" could handle that job with a lot less overhead? RDBMS where it doesn't belong is just another source of bugs and points of failure, alternatively in a well-run shop it's a source of endless regression tests when it has to be updated.

Text files don't typically require regression tests or have admins wondering how best to replicate them across sites. rsync can handle the job. And in this case, BIND itself can handle the job.

Over-engineered.

Re:Sparkleshare

[Raenex]

You can see my other replies in this thread. I'm tired of repeating myself.

Re:Sparkleshare

[NateTech]

Linux beat Solaris' and the other commercial Unix flavor's licensing. That's really all it did.

The commercial Unix systems kept innovating on top of superior engineering (running multiple Solaris kernels on the same box was possible years before virtualization was a buzzword) but ran out of money.

Re:Sparkleshare

[NateTech]

All those things are true, but his point is exactly what you said yourself, PostgreSQL is finally adding "Enterprise features."

Informix still kicks PostgreSQL's ass and is considered an "also-ran" against Oracle in my people's (misguided) view. A great option that's often overlooked because FOSS enthusiasts would never even think of looking at it.

Re:Sparkleshare

[Trifthen]

Yes. Because you, a random user on the internet, has such compelling arguments, that I can't help myself but read through your specific comments.

But I rolled my eyes and did it anyway, because hey, with that kind of challenge, there must have been some notable comment there I didn't see. So after reading through your comments, I can only admit I have no clue how any of your dismissive arrogance can be construed as any kind of logical and reasoned response to the rebuttals of my, or anyone else's comments.

I won't reduce your reply to a humorous ad-lib as I normally would, because you're clearly missing the whole point, or inadequately supporting your position. Telling me to put forth effort you're clearly unwilling to expend yourself, suggests a level of hypocrisy I refuse to perpetuate. Have fun explaining why everything FOSS ultimately sucks and accomplishes nothing, because hey, defeatist attitudes get a lot done at the end of the day.

Re:Sparkleshare

[Trifthen]

> All those things are true, but his point is exactly what you said yourself, PostgreSQL is finally adding "Enterprise features."

I said that sarcastically. Note the snide quotes around "enterprise." :)

PostgreSQL is gaining popularity partially because Oracle purchased MySQL's parent company, and because of the newer features. But really, it's been "enterprise ready" since the 8.0 branch was released. Maybe I'm biased, being a PostgreSQL DBA, but a lot of the contractors I keep company with that work with Oracle anecdotally suggest there's been a massive effort by several companies to replace Oracle with PostgreSQL in the last year or two.

And like a previous commenter said, DBMSs come in various shapes and sizes, and have been since the 70's. But like all technology, things mature, and Oracle is no different in this regard. PostgreSQL came from Ingres, a research project for a guy working on his PHD in the late 80's. And that version didn't even use SQL. It's not like someone sat down one day and said, "Gee, how do I clone Oracle?" You can have notable and disruptive technology in existing categories.

And as much as I roll my eyes at the mention of NoSQL as some kind of ground-breaking concept, it's a fairly innovative application of a key-store caching model that has varying levels of compromises depending on the implementation you pick. They're not all just clones of memcached. Anyone who argues Cassandra, MongoDB, CouchDB, or Redis are all technologically equivalent needs a boot to the head. They're all innovative in their own way and have different areas where they're more scalable based on usage patterns.

My point was that his fundamental assumption (at least as I read his comment) is wrong. This stuff has been slowly taking over and replacing commercial software for years, and the pace is just accelerating. It's gotten to the point that major multi-million dollar firms are reaching for open-source first, not because it's equivalent to some other product, but because it's better.

OP basically wrote off half the examples as pointless. I was just saying it's not quite that simple.

As a side note, I'll have to look into Informix. I've never heard of anyone comparing it to PostgreSQL and getting the results you claim, but it's worth investigation.

Re:Sparkleshare

[GPLHost-Thomas]

I don't know for others, but for me, sparkleshare.org advertises for an IPv6 on it's DNS, but yet, htere's no v6 connectivity to it (traceroute stops in the AMIX).

Re:Sparkleshare

[Raenex]

Have fun explaining why everything FOSS ultimately sucks and accomplishes nothing, because hey, defeatist attitudes get a lot done at the end of the day.

Clearly demonstrating you didn't read my replies in the thread, or chose to willfully ignore what they said:

Yes, exactly. PostgreSQL is just playing catchup to the big, existing databases. They aren't driving innovation. That doesn't mean it isn't useful. It's typically behind on things like replication and other features.

The question was: "Seriously, when is the FOSS world going to take the lead on creating something cool for a change instead of rushing after the trend du jour ?"

Now I don't agree with that statement as a whole. I was just commenting on the specific examples given in the response.

and:

For innovation, how about NoSQL?

Sure, fine, and same for Gnome 3 or whatever. Note I never said open source can't be innovative, and in fact gave credit where I thought it was. I was only speaking to specific examples, not the class as a whole.

Note I wasn't the original poster that slammed open source as a whole (this post). But don't let facts get in the way of your strawman rant.

Re:Sparkleshare

[steveha]

Feel free to point out specific examples where Linux that has been ahead of the curve.

Okay, I just did what I told you to do, and I went to LWN. This week is for LWN subscribers, but last week is freely available, and since I wanted to link it, I wen there.

And I found a fascinating discussion of patching the Linux memory management system to save power by shutting down parts of the RAM that aren't needed! Which version of UNIX did they copy that from? Or will you concede that this is new?

LWN kernel page from last week

There are plenty of other examples; feel free to actually read the LWN archives. LWN is great.

Because Linux was free and good enough, and it was being adopted in droves on the backend. So IBM decided to support it, rather than be left behind.

Linux was "good enough" that people were not buying as many IBM big-iron machines. Now IBM sells its big iron as a way to run lots of Linux VMs. As I said, a disruptive technology, and I don't see why you are so determined to denigrate Linux as a mere not-quite-as-good-as-UNIX.

steveha

Re:Sparkleshare

[Magic5Ball]

There's adding new features, which is invention at best. The bazillion features in an office suite are certainly inventive, but most are irrelevant to most users. Then there's innovation. Innovation occurs when those inventions change how other people do things, whether or not they appear in a product or service produced by the inventor.

To the extent that almost any slightly clued user of any product could suggest improvements or inventions to their tools and be copied, almost everything that goes on with technology may be called innovative, but not all innovations are of the same impact.

Opera is inventive by making many new gadgets for web browsing, and Opera is innovative by changing how a portion of their comparative handful of users interact online. Google and the other browser makers are massively innovative by inducing users to change their browsing habits of hundreds of millions of people by popularly implementing analogous features to those invented by Opera.

Please read any of the OECD innovation manuals, and in particular, focus on the differential impacts of innovations at different scopes (new to the world, new to the region, new to the industry, etc.).

With respect to disabling parts of memory that are not in use to save heat and/or energy, that is certainly inventive, if not original. (Designers of embedded devices and software have used similar tactics for decades.) Will it change the computing habits of millions of users? Will most Linux users even know or notice that the feature exists? Probably not.

Also, pointing out that Linux is mostly derivative in no way diminishes its accomplishments. There just aren't (m)any new ideas in the world that are not based on previous concepts. Most of Apple's designs strongly take after Bauhaus design patterns.

Re:Sparkleshare

Software-wise sparkleshare is a replacement already, IMO. The problem is that no-one is offering sparkleshare-specific hosting. This means two things: first, it's not super-easy to setup (because the server-side docs talk about git repos etc, not "Sparkleshare directories"). Second, it's difficult to offer the little missing pieces like push notifications in a nice package.

Re:Sparkleshare

That name horrible mental image --> http://i2.squidoocdn.com/resize/squidoo_images/-1/lens12020081_1278601414vampire-sparkle.jpg

Re:Sparkleshare

[Eivind]

SpiderOak is actually a lot more convenient than DropBox.

It's not open-source, but it has 3 other serious advantages. First it's based on a zero-knowledge architecture, this means that all your files are encrypted locally, before being put in the cloud, and the keys are handled (derived from a passphrase) in a way that ensures that nobody, not even employees of SpiderOak, can see your files. (for me this is an absolute requirement for storing files in the cloud)

Second, you can select more than one directory for backup/sync, which is a lot more flexible than the DropBox-thing where precisely *one* folder is synchronised to all devices.

Third, you can choose what to synch where, so you can, for example, backup and sync Pictures/ to the cloud, but synch only Pictures/2011 to the laptop (perhaps the laptop doesn't have enough disc to hold all your pictures)

Oh yeah, and it's half the price of DropBox. $100/year gives you 100GB rather than 50GB.

Re:Sparkleshare

[yumyum]

That article was from 2008 when LSE was running Windows. From Wikipedia:

"After suffering extended downtime and unreliability[25][26] the LSE announced in 2009 that it was planning to switch to Linux in 2010."

Re:Sparkleshare

[AmiMoJo]

has lots of innovation going on under the hood.

I think that pretty much sums up the state of open source. Lots of innovation at geek level like kernels and compilers, but none at the application level.

Re:Sparkleshare

Did open source projects touch you in a wrong way?

Re:Sparkleshare

[NateTech]

Ah okay, cool.

Informix has also been around since the 80's. Deeply embedded in both Telco and Government, as well as running a few really big Corp's stuff. (That big orange Home Improvement store comes to mind...) It gets lost in the noise about Oracle, Oracle, Oracle, mostly. Kinda like Marsha, Marsha, Marsha on the Brady Bunch. ;-)

I agree with you that PostgreSQL is a good DB. Most of the PostgreSQL "disasters" I've seen were due to DBAs using it incorrectly. Now that I think about it, that's true of all DB disasters I've seen, of any DBMS flavor. :-)

Re:Sparkleshare

[Jane+Q.+Public]

"Just a relational database? As opposed to what, Oracle?"

"Yes, exactly. PostgreSQL is just playing catchup to the big, existing databases. They aren't driving innovation."

Are actually claiming that Oracle is driving innovation? Because frankly, I haven't seen much new out of them in a long time. But guess what? When the programmers from Open Office left Oracle and started the Document Foundations, improvements to the product started to happen almost overnight.

That's just one example, but I would say "yes", Open Source is driving innovation. You can't count on the big corporations with their cash cows to do it!

Re:Sparkleshare

[Lemming+Mark]

I was mostly trying to address the technological innovation side of the parent poster's criticisms; there's plenty interesting new developments and research on the storage side taking place in Linux. In real world deployments I'd still generally expect lots of ext3 and ext4 (as Linux is very common in the overall "server market", I'd expect its default filesystem to be all over the place by now). There are also the cluster filesystems (GFS, OCFS2) and, to a certain extent, there's stuff like Lustre (is that entirely open source? I think it might be these days.) that I imagine people are using in random high-end data centres out there.

Virtualisation wise I'm not familiar with the IBM terminology but as far as I know equivalents to all that functionality have been quite established in PC-based virtualisation systems for quite a while now. That said, I'd imagine with IBM's experience that their virtualisation is more dependable than *anyone* else's. IBM were also some of the first (perhaps actually the first) to paravirtualise - modifying the guest OS to run better under virtualisation. I think there are a lot of people out there now using Linux virtualisation in various forms and to a certain extent I would say there's innovative stuff in there already; but there's always more coming and various research projects have done very cool things with it. Folks like VMware also do leading-edge stuff stuff, though, and they're proprietary code.

So I think it depends on whether you count features that are already deployed, or the general innovation in the technology. There's arguably not much impact in innovating without deployment though, so developers do need to get this stuff actually out the door sometimes to really deserve recognition for innovation. I think they're doing that but hope to see more.

Re:Sparkleshare

[bingoUV]

what open source filesystems do you actually find in the datacenter ? I look at our unix infrastructure and I see : VxFS, JFS2 and Zfs, in that order

2 of these 3 filesystems are open source, so you yourself actually find open source filesystems in the datacenter.

Re:Sparkleshare

[danielpublic]

Get of the bitchtrain and get involved/support developers of the software you use. It is very easy to support 'em nowadays, even if you don't like paypal, there is flattr.

Re:Sparkleshare

[Raenex]

Are actually claiming that Oracle is driving innovation?

No, see here: That's fine, because I never claimed Oracle was especially innovative. However, PostgreSQL is still chasing them in the features department.

Re:Sparkleshare

[psm321]

I was responding to this statement: "Well except none of those were new ideas, just commercial ideas that someone created an open source alternative". But don't let reading the post I was replying to get in the way of your desire to find ways to randomly insult people.

Re:Sparkleshare

[psm321]

That's not the point. You said all of these projects were rip-offs of commercial ideas. They were "rip-offs" of non-commercial ideas

Re:Sparkleshare

[RockDoctor]

Who? (I know, she's the one to be used naked and petrified with hot grit. So ... she's some sort of advert for a road-surfacing machine?)

Re:Sparkleshare

[Jane+Q.+Public]

Okay, but you are arguing yourself straight out of your own argument. Of course they are chasing Oracle as to features: they came on to the scene a great deal later than Oracle did. Just about the only way they could come out of the starting gate with all the features of Oracle would be if they stole those features from Oracle.

The fact is, projects like MySQL and PostgreSQL have been rapidly catching up to Oracle in features, while Oracle has been essentially holding still. Give these still very young startups some time, and if the trend continues, they will leave Oracle in the dust.

Re:Sparkleshare

[Lemming+Mark]

I had the impression that PostgreSQL had some quite unique (at the time, anyhow) features, such as the ability to write stored procedures in a whole host of real programming languages, as well as a domain-specific language.

Re:Sparkleshare

[Lemming+Mark]

I'd generally define innovation in technological terms to be "doing things a new way" or just "doing new things". Linux the *kernel*, as opposed to the overall OS, has seen some rather cool developments in various areas (filesystems and storage, virtualisation, other stuff). They don't all have mass-market benefits but they can have massive benefits to the folks who need them.

I have the general *impression* that Linux as a whole OS has been rather less innovative but then I'm not really that acquainted with all of the details. That said, distro package repositories predate Apple's app-store by a long time and basically do the same thing (minus, as is often the case, a really slick UI).

Re:Sparkleshare

[Raenex]

Okay, but you are arguing yourself straight out of your own argument.

I looked back at the original post by CharlyFoxtrot, and he made a couple of claims that could be treated separately. I see that there's a lot of confusion caused by the mixing up of the claims. I apologize for any misunderstandings caused by lack of clarity on my part.

I was only addressing the claim about clones vs innovation with regards to specific projects: "when is the FOSS world going to take the lead on creating something cool for a change instead of rushing after the trend du jour ?"

CharlyFoxtrot made another claim: "By the time any of these open source projects push out anything worthwhile the world will have moved on and nobody will be looking for their clones."

I wasn't thinking of this in my response to you. I never agreed to its sentiment and think this is clearly wrong based on the examples you gave. I happily use open source and obviously it has gained traction in a big way.

while Oracle has been essentially holding still.

I wouldn't agree with this. They've been consistently adding features over the years. It's just nothing spectacular.

Give these still very young startups some time, and if the trend continues, they will leave Oracle in the dust.

I expect this to happen, just like it did with Linux. I'm actually surprised it hasn't happened sooner. Relational databases are mostly a commodity product these days, though there's always room for more features.

Re:Sparkleshare

[KingMotley]

Well except they were "rip-offs" of commercial ideas.

Firefox started from the commercial netscape browser.
Linux started as a free alternative to commercial UNIX's (AT&T/SCO).
MySQL/PostgreSQL were free alternatives to Microsoft SQL Server, Oracle, and SyBase.

I'd have to agree that Ruby, Rails, and perhaps Apache might be considered original, although heavily borrowing from other projects both FOSS and commerical.

Re:Sparkleshare

[PipsqueakOnAP133]

Except do you count Apple as part of the FOSS community? It's easy to see that a lot of people don't.
As far as I recall, practically nobody used KHTML until Apple forked it.

The FOSS community has definitely produced a lot of code, no doubt. But CharlyFoxtrot wasn't asking about quantity of code, but rather creativity/innovation.
I expect a FOSS alternative to Dropbox will be little more than cloning Dropbox, and a less usable user interface.

Pushing the envelope seems to come more from the Open Source community (non-GNU), like ZFS, Apache, and PostgreSQL.
From the FOSS side, we have GCC, which is definitely something to be thankful for. But looks to be passed up by LLVM soon.

Re:Sparkleshare

[PipsqueakOnAP133]

And I found a fascinating discussion of patching the Linux memory management system to save power by shutting down parts of the RAM that aren't needed! Which version of UNIX did they copy that from? Or will you concede that this is new?

Compaq/DEC Tru64.
While doing it to save power is a interesting idea, all the groundwork necessary to do so existed well before Linux became popular. So while it'll take some work to implement in Linux, it ought to be easy in many old UNIXs if it wern't for the fact that power usage didn't really matter to those users.

In Tru64's case, to ability to shut down chunks of RAM is necessary when your hardware supports hotswapping RAM modules.

Solaris/SPARC does this too.

I'm admitting the idea is novel and new, at least to me. But also noting that all the hard work necessary to make it happen on Linux compared to old-school UNIX is what makes Linux "behind the curve."

Re:Sparkleshare

[Lanteran]

KHTML, rendering engine behind konqueror, chosen by apple for its quality and lightness? Sure, very few people use konqueror, but plenty of people use at least a hundred thousand lines of code from konqueror every day. That's not counting gecko though, also open source.

Re:Sparkleshare

[PipsqueakOnAP133]

Sure, it's nice that KHTML code contributed to text/image layout in WebKit.
But KHTML itself isn't all that cool, nor pushing the envelope. Apple chose it because it was simply the least crufty, most easily understood, and not GPL. As much as we should be thankful that KHTML was written, it was not groundbreaking.

Between roughly Netscape 2 and Google Chrome, I'd have to argue that the entire ecosystem of web browsers had practically nothing groundbreaking. To me, the history of the web browser goes something like this:
1991: WorldWideWeb was released. First web browser. Utilizes tagged text for automatic layout and linking to other pages.
1993: NCSA Mosaic. Brings inlined images and established the traditional UI we expect today. (back, forward, bookmarks, address bar, stop, refresh)
1996: Netscape 2. Added scripting via Javascript.
1996-2008 - "Warring States Period": Tons of people trying to establish proprietary tags, incompatible formatting (XHTML for the lose), and binary plugin technologies. Popularized IE6. Made Flash relevant. Mozilla became bloated. IE6 became the easiest way to transmit viruses.
2008: Google Chrome. Added sandboxing.

Re:Sparkleshare

Freakin Amen!

I use SpiderOak and in every sense it is leaps and bounds ahead of dropbox.

Perhaps it's only relative failing is that it is a little more complex to use (mostly a natural result of it's larger feature set).

Re:Sparkleshare

[Lanteran]

The original www browser was public domain. I still maintain though, firefox was the major browser that brought us out of the IE6 dark ages. Decent timeline, but I'd consider the warring states thing to mostly have ended by '06 or '07.

Re:Sparkleshare

http://mairin.wordpress.com/2011/05/25/fedora-sparkleshare-howto/

Here's a step-by-step tutorial on using Sparkleshare. It's still under development but it works today :)

Some are WIP

[Anssi55]

There are Syncany and SparkleShare, but neither seems to satisfy your requirements yet as they are still quite new projects and work-in-progress (without e.g. android clients afaics).

Re:Some are WIP

I have not used it heavily myself but If you are talking about your own server for this then what about rsync?
there is an android app for it (also not one I have tested) http://www.appbrain.com/app/rsync-backup-for-android/eu.kowalczuk.rsync4android
as well as multiple Linux and windows clients.

Re:Some are WIP

[shmlco]

I suspect that the best solution is simply to use Dropbox. Files are encrypted on the server, and only certain individuals can access the keys. It also has the widest installed base, and the best mobile app support of any service out there. (Thousands of apps can save, print, or retrieve information from Dropbox.)

I use it, with some sets of folders stored as encrypted disk images, and some files that I need to reference across platforms "printed" and stored as encrypted PDFs with multiple passwords.

As to storing "incriminating" information... is the guy an idiot or something? Who would store anything incriminating on an internet service, public or private, encrypted or not?

Re:Some are WIP

[element-o.p.]

Who would store anything incriminating on an internet service, public or private, encrypted or not?

Go to youtube sometime, and you'll find out. I was in kind of an odd mood the other day, and did a search for the terms "motorcycle" and "squid" which returned plenty of videos of people doing idiotic things on motorcycles -- frequently on public roads, surrounded by lots of other vehicles. At the very least, a large percentage of the videos I watched could result in charges of reckless driving and/or speeding if the police decided to get involved.

Re:Some are WIP

[Mister+Whirly]

I could totally be mistaken, but doesn't a police officer need to witness you committing the moving violation in order to ticket you? Not for all crimes mind you, just moving violations.

Re:Some are WIP

[msi]

Not in the UK. One or two People get done for dangerous driving etc. every year.

Re:Some are WIP

[Mister+Whirly]

I didn't really specify, but I was referring to US law. My bad.

Re:Some are WIP

[styrotech]

How about duplicity?

What could also be cool for extra paranoia is a parity RAID like version where you could use different hosting providers for each 'disk' in your volume. That way any particular host only has a subset of the data chunks, and your data would survive losing a subset of hosts (the number depends on your chosen parity scheme).

No doubt someone has already tried that idea :)

Re:Some are WIP

[lennier]

did a search for the terms "motorcycle" and "squid"

I don't want to Google that because there's no way my mental image of a badass biker cephalopod could ever compare with harsh reality.

TrueCrypt

Dropbox is perfectly secure if you use TrueCrypt.

Re:TrueCrypt

[jojoba_oil]

Dropbox is perfectly secure if you use TrueCrypt.

Are there Android apps to access first the DropBox account and then decrypt the TrueCrypt inside of it? If not, this option doesn't fully answer the asked question.

Re:TrueCrypt

[Black+Gold+Alchemist]

There should be.

Re:TrueCrypt

[1karmik1]

This. Just create a truecrypt image on Dropbox and the privacy issues are solved. If there are other problems, like unsupported clients and whatnot like someone mentioned in a comment, then it might be wise to look elsewhere.

Re:TrueCrypt

[The+MAZZTer]

Does Dropbox only sync parts of a file that have changed? If so this will work, otherwise this will be horrible, especially with a slow upload speed. I might have to try this though.

Re:TrueCrypt

[MobileTatsu-NJG]

Right, but isn't the whole volume going to have to be synced every time you make a change?

Or are you talking about creating an image for each file?

Re:TrueCrypt

[jellomizer]

I am concerned about security on a cloud service...
Except for asking them to explain their security to you. I will download a tool without doing any security audit on it. Put it on my PC right under my desk and open a port to the outside world on my firewall. That way I feel a lot safer.

On the whole you are better off with cloud services. The key disadvantage is if it goes down, a lot of people go down too.

Now Cloud isn't perfect for everyone once you reach a critical size it is probably cheaper and for you to move it in house. And when you go with a cloud service and you are going to invest a lot of money... Be sure you come up with a good Contract with them. Don't let them abuse you, you work with legal to get the correct contract, if they refuse you go to the next guy.

Re:TrueCrypt

[TehDuffman]

I have all my passwords stored in Keepass on Dropbox. I'm not worried about having it hacked and makes accessing my passwords extremely easy and secure.

Also my resume is on there.

Re:TrueCrypt

[BLToday]

I've been having problems with Dropbox using only the original uploaded TrueCrypt files and not any updates that I've made to it.

Re:TrueCrypt

[blueg3]

They only sync parts that have changed, with a 4 MB granularity. (That is, files are logically divided into 4 MB chunks, and only chunks that change are synced.)

Re:TrueCrypt

[DMUTPeregrine]

There is no TrueCrypt client for Android. There IS a GPG client, so make it Android + GPG. More work than Truecrypt though, since you have to encrypt and decrypt each file. https://code.google.com/p/android-privacy-guard/

Re:TrueCrypt

[Binestar]

Try AxCrypt. http://www.axantum.com/axcrypt/ Open Source, AES128. I am not a cryptologist, so I can't vouch for how good it actually *IS*, but I've not been able to find anything other than a vague post on version 1.1 having an implementation bug.

Re:TrueCrypt

TrueCrypt would be fucking horrible. You'd waste 4 MB of your data plan every time you changed a bit in the file.

Re:TrueCrypt

Trucrypt's default behavior is to NOT update the modification time on the container when its contents have changed, so Dropbox can't tell if the container has been modified. You need to configure truecrypt to update the container modification time and that should solve your problem.

Re:TrueCrypt

[siride]

I really hope it's not called "keepass".

Re:TrueCrypt

[moronoxyd]

See above.
Dropbox only synchs parts of big files that have been changed.

Re:TrueCrypt

[MobileTatsu-NJG]

Will DropBox be able to actually overwrite that 4mb chunk while you still have the image mounted as a drive? If you write something else into that folder while DB is updating couldn't it fail spectacularly?

Re:TrueCrypt

[digitig]

It is called Keepass, and I do the same. All my passwords are in there too, except for 3:

• My dropbox password;
• My Keepass password; and
• My primary email password so I can recover all the other passwords if Dropbox loses my Keepass file.

Re:TrueCrypt

[TehDuffman]

I really hope it's not called "keepass".

Why

http://keepass.info/

Re:TrueCrypt

[MBGMorden]

Either that, or, to prevent excessive syncing just setup a cron job to run a "touch" on that file at an interval you're comfortable with.

Re:TrueCrypt

[MBGMorden]

TrueCrypt would be fucking horrible. You'd waste 4 MB of your data plan every time you changed a bit in the file.

Not everyone is on a capped data plan, nor do they necessarily change the file contents very frequently. I keep things like scans of tax returns and such in such a volume. Those get updated (as you might guess) once per year.

Re:TrueCrypt

[blueg3]

That's an interesting question. I don't know when the sync is triggered. The smart thing for Dropbox to do is wait until the file is closed (that is, the Truecrypt volume is unmounted) before attempting to push updates. Hopefully it would not try to download updates and apply them unless the volume is unmounted -- to do so would be disastrous.

A TrueCrypt container isn't going to handle simultaneous access well at all, which is a distinct shortcoming of this method.

Re:TrueCrypt

Never ask a stupid person "Why?", you won't like the answer you get.

Re:TrueCrypt

I do the same. Only bad part is Android's keypass only supports the old version of the keypass database format. That's unfortunate because some of the plugins for the latest version of keypass are quite nice. Particularly I enjoy the chrome-i-pass or whatever it's called. Basically this means I have to store my password file twice and either import or export from one format to the other every time I add a new password.

Re:TrueCrypt

[mlts]

I would be leery about that. Most people don't use a passphrase large enough to seriously resist brute force attacks (20 characters minimum is what TC recommends). Plus, even encrypted data is still useful, because an adversary can brute force it at their leisure when stored remotely. Keeping the passwords stored on a device that would require physical access to gives a lot better security and keeps the baddies from getting access in the first place.

Re:TrueCrypt

[mlts]

I use that on local machines with file wiping to ensure confidential data stays that way. However, when you open a file, it decrypts it. So, if you store it on DB, for a while, DB will have a version of your file in plaintext.

If I were to recommend a solution, I would recommend TrueCrypt volumes (preferably using a keyfile). If TC can't be used, then on a Mac, use an encrypted sparse bundle filesystem (since it uses 8MB bands), or EncFS on Linux. An attacker may be able to figure out a file's approximate size with EncFS, but almost nothing else. In fact, it befuddles me that EncFS isn't part of Android because it would address the file encryption issue that keeps Android phones from being taken seriously in the enterprise.

Re:TrueCrypt

[TehDuffman]

I would be leery about that. Most people don't use a passphrase large enough to seriously resist brute force attacks (20 characters minimum is what TC recommends). Plus, even encrypted data is still useful, because an adversary can brute force it at their leisure when stored remotely. Keeping the passwords stored on a device that would require physical access to gives a lot better security and keeps the baddies from getting access in the first place.

According to http://howsecureismypassword.net/ my password would take a million years to brute force. Not to worried about getting it brute forced. Without access to these passwords everywhere (phone/laptop/public computers/tablet) they are useless to me. What good is great security if you have no way to use what that security protects?

Re:TrueCrypt

[SilasMortimer]

Because it's suggestive in what seems to be an unintentionally hilarious way. "Keeppass" would make more sense for what it does, but personally I like the current, suggestive spelling.

It's like those Payless shoe stores. When I'm forced (usually by a girlfriend) to go into one of those miserable places, I like to spread the misery by being mercilessly annoying and complaining that the shoes are not free and that if that's not what they meant, they should have used two words.

Being a Grammar Nazi doesn't mean you can't have fun.

Re:TrueCrypt

[RobDude]

Is it really worth the hassle of using DropBox for something you access once a year? I thought the big selling point of DropBox was that it seamlessly synced files on all of your devices with each other in (near) real-time.

But if you've got a small, encrypted file you access once a year; what's the benefit of having it on all of your devices and updated and synced all the time? What makes DropBox better than emailing an encrypted file to your Gmail account? Heck, Gmail gives you more storage than DropBox does the last time I checked and I can't imagine Google being more likely to lose your data.

Just curious. For the record, I have the exact same setup as you (TrueCrypt with important tax files on my DropBox) but I never really thought about WHY that makes sense. Just that I could do it.

Re:TrueCrypt

[mlts]

I wish KeePass supported keyfiles on both the iPhone app and the Android one. This way, one can have the key file manually copied to each device (and stored securely) while the password database is accessible by any device while an attacker who snarfs it will have to run brute force guesses against the entire 256-bit keyspace.

Re:TrueCrypt

[djsmiley]

A million years, or a million CPUs?

One is unlikely, the other is about $2000 away, give or take depending on if you go with the russians, chinese, or amazon. :P

Re:TrueCrypt

[djsmiley]

Oh and using a online website, whos credianitals you can't _Really_ check, and entering your "one password to rule them all". Well played. :)

Re:TrueCrypt

[idontgno]

Why don't you synchronize the file between the two mobiles using Dropbox?

WARNING: LOW-FLYING JOKE.

Re:TrueCrypt

[TehDuffman]

A million years at 10,000,000 calculations per second.

Re:TrueCrypt

[LunaticTippy]

I put my tax returns encrypted in DropBox so they are handy and for backups. I never know when I'll need my return (I just bought a house, and it was helpful) and if my computer explodes I won't lose them.

In fact, I've only used db for sharing files with others or for long term safe storage so far. I haven't bothered setting up the sync-everywhere stuff yet, although it seems handy.

Re:TrueCrypt

[larry+bagina]

expert sex change much?

Re:TrueCrypt

[MBGMorden]

I gave the tax returns as AN example of the type of thing I store on there that I specifically take the time to encrypt. I also use it for things like family photos, but I don't bother encrypting that sort of thing. I also symlinked the directory that I keep all my music files on so that that syncs over too - also not encrypted.

Since I've already got the Dropbox account (with upgraded storage space that I pay for), it's simpler to just use it.

Re:TrueCrypt

[Kalriath]

Well, considering you entered your password into a public-facing website, just to test how secure it is, the answer is...

Your password is not very secure at all.

Re:TrueCrypt

[TehDuffman]

Well, considering you entered your password into a public-facing website, just to test how secure it is, the answer is...

Your password is not very secure at all.

Yes because they will now go to every dropbox account looking for keepass files, find mine and use my password on it.

Re:TrueCrypt

[mabinogi]

That's not true - I'm using KeepassDroid with a version 2 Keepass database fine...

Re:TrueCrypt

[Kalriath]

Whoosh.

Re:TrueCrypt

[tincho_uy]

TrueCrypt might not be the best option, if you plan on having the image mounted in several machines, due to sync issues as mentioned by sibling posts. If you're on *nix, encfs is a better solution, as it works individually on each file, and can handle the updates without remounting.

Re:TrueCrypt

[Acutus]

A better solution for encrypting Dropbox content is using BoxCryptor (Win) + EncFS (Linux + Mac). Those are file-by-file-encryption tools which encrypt each file individually. No network overhead, simultaneous access is still possible and you can use features like file versioning or undeletion.

http://www.boxcryptor.com/ [boxcryptor.com]
http://www.arg0.net/encfs [arg0.net]

Re:TrueCrypt

[dolmen.fr]

According to http://howsecureismypassword.net/ my password would take a million years to brute force.

But, as you gave your password to this site it is now stored in their database so they won't have to brute force it anymore.

Re:TrueCrypt

[blueg3]

Some per-file encryption schemes encrypt the files whole (with something like CBC) instead of by block, which for large files will have a negative impact on Dropbox. Perhaps these don't.

Additionally, even if you have per-file encryption, the filenames and other metadata for the files, including a complete timestamp history of changes, is visible without decryption. For some people, this is more information than they want others to have about their files.

Re:TrueCrypt

[Acutus]

Both, BoxCryptor and EncFS, encrypt the files by block (within a block CBC is used and you can change the block size) and not as a whole. They also encrypt filenames by default (this can be changed), although, you're right, other metadata like timestamps etc. are not encrypted.

SparkleShare

[WhiteSpade]

SparkleShare may be what you're looking for. I've had my eye on it for awhile, but I havn't used it yet.

---Alex

Rent a box at rackspace

[mallyn]

Rent a system at rackspace or a similar place; run linux on it?

Re:Rent a box at rackspace

Run linux... and what else?
I've got a Linux box that's exposed to the Internet, but I'm not sure how to get the same kind of easy drop-box like functionality out of it.. I mean ,I could always SFTP into it, but that's more clicks and the monthly "upgrade available" pop-ups from Filezilla are darned annoying..

Re:Rent a box at rackspace

[MobileTatsu-NJG]

Rent a system at rackspace or a similar place; run linux on it?

How do you keep the people that have physical access to your machine from messing with your files?

Re:Rent a box at rackspace

[guybrush3pwood]

Rent a system at rackspace or a similar place; run linux on it?

How do you keep the people that have physical access to your machine from messing with your files?

A video camera and an attached shotgun.

Re:Rent a box at rackspace

[kryliss]

- Edit
- Settings
- Update Check
- Uncheck Enable automatic update check

Easy as pi.

Re:Rent a box at rackspace

[gstoddart]

How do you keep the people that have physical access to your machine from messing with your files?

Short of heavy-duty crypto ... I think most security falls apart when someone can have physical access to the machine.

And, even then, someone with the resources might be able to get through it if they were determined enough.

You want security, keep your files on your own machine, not in the cloud or on someone else's server.

Re:Rent a box at rackspace

[MobileTatsu-NJG]

Short of heavy-duty crypto ...

Short of it? That wasn't even covered in the original post. That was the point.

Re:Rent a box at rackspace

[gstoddart]

Short of it? That wasn't even covered in the original post. That was the point.

Except, in the links provided in TFS, DropBox had been asserting that the data was stored securely, and they couldn't look at them if they wanted. Turns out, they can, and if they wanted to (or were compelled to), they could.

So, it was covered in the article, and unless you applied your own crypto to your files, the question about how to protect your files from someone with physical access to the machine boils down to "you can't". So, short of encrypting your files before uploading them, you can't keep your data secret when you use dropbox.

And, just because DropBox initially said your data was secure, even from them ... well, that doesn't make it true. In fact, it's utterly false.

I'm not even sure we are disagreeing here.

Re:Rent a box at rackspace

[MobileTatsu-NJG]

...and unless you applied your own crypto to your files...

This is the step I want the answer to.

Re:Rent a box at rackspace

[gstoddart]

Try here, or here, or here, or here.

Every time this topic comes up, people suggest these guys. There used to be PGP, I think it's commercial now, but there's GNU PGP.

I think any manner of Google searches will tell you how to do this. It's something that's been around for quite some time in various incarnations.

Re:Rent a box at rackspace

[MobileTatsu-NJG]

Thanks man!

Re:Rent a box at rackspace

[fermion]

Something like this may be the best option for someone that does not want to use Dropbox. More than likely, when and if Apple end iDisk, I will move to a Webdav server at a shared hosting site. Although Rackspace would be the ultimate, it would be rather more expensive than the $99 mobileme. Many shared hosting services has Webdav included, and ample space. Since it is your virtual server, and you are paying for it, there are no ads or third party data mining. There is, of course, risk of random attacks by third parties, but if you set up some random domain that is not on the search engine listting it should less a target than dropbox.

Re:Rent a box at rackspace

[MikeBabcock]

GPG works great, as does the Android version thereof.

Re:Rent a box at rackspace

[CastrTroy]

I've been using WebDav on my shared hosting for years. It's much more integrated than anything like dropbox. Sure it doesn't save old versions, but if you really want version control, then use real version control, which your shared host should support as well.

Re:Rent a box at rackspace

[TangoMargarine]

Firefox has the most painless update of any program I've ever seen and you're complaining about clicking "yes, later please" *once a month*?!

Re:Rent a box at rackspace

[BitZtream]

If you want version control, then you just use Subversion with mod_svn on apache, which gives you versionining on top of WebDAV. That is, after all, how Subversion works.

Re:Rent a box at rackspace

[Kalriath]

Firefox? Who said anything about Firefox?

Re:Rent a box at rackspace

[Kalriath]

WebDAV is a protocol, not a product. A WebDAV server could support versioning (for example, Sharepoint does - and that's a WebDAV server).

Re:Rent a box at rackspace

[DJProtoss]

also don't forget encfs as an option - lacks the license issues with truecrypt, plus it can be got to work under linux, osx and windows.

Re:Rent a box at rackspace

[TangoMargarine]

Firefox, Filezilla...they both start with "Fi," right?

Ubuntu One

[Sylak]

Not to state the obvious but... is Ubuntu One what you mean?

Re:Ubuntu One

[mdragan]

He said he doesn't trust the cloud, so probably doesn't matter if it's owned by Canonical or someone else. He wants to own the server, he probably wants to keep it in his bedroom.

Re:Ubuntu One

He said he doesn't trust the cloud, so probably doesn't matter if it's owned by Canonical or someone else. He wants to own the server, he probably wants to keep it in his bedroom.

Ubuntu One is based on CouchDB, so he could host that piece himself; I wonder if any of the Ubuntu One clients support changing the target URL (may have to re-compile).

Re:Ubuntu One

The backend for Ubuntu One is proprietary, unfortunately.

Re:Ubuntu One

[History's+Coming+To]

Ubuntu One is very useful, but I'm not sure if it will also work with Windows (Cygwin maybe? Never tried it). As mdragan says though, he wants it running on his own server I think, so it's not what he's after.

To be honest I'd just use an ftp folder and cron jobs for the synchronisation if the data's not particularly sensitive.

Re:Ubuntu One

[edmicman]

Ubuntu One, but the server-side is proprietary. And it is rather buggy on other platforms.

So, like a lot of open source software, it's a solution...but not really.

Re:Ubuntu One

[MBGMorden]

I'm not sure I really see the point if he's trying to avoid the "the cloud". If you want to go the annoying self-hosted route there are certainly things like rsync, but to me that eliminates one of the primary uses of these type of services: an off-site copy of your data. A Dropbox account to me means that if my house burns down I don't lose 10 years worth of family photos and financial documents. No home-spun solution will do that unless you're co-locating off-site.

As has been suggested several times, if you're that concerned bout data privacy - sync over a True-crypt volume.

Re:Ubuntu One

[cratermoon]

Like a lot of open source software, it's like a lot of other open source software that attempts to do pretty much the same thing, but in a different way and with different bugs and missing features. The solution, of course, to this mess of half-finished, buggy, and abandoned OSS with horrid UIs is easy. Start another project to do the same thing, only this time, we'll do it right. It'll be feature-complete quickly and free of serious bugs because all those other developers working on similar software will immediately see how superior we are and join us.

Re:Ubuntu One

[arisvega]

You be trollin'. I am definately not in the mood of advocating Ubuntu, but;

They are working on it, AND they are giving out 2GB for free, AND if you skip the autosync features you can open a crapload of different accounts, AND you get 20GB more for the price of two icecreams per month.

Granted, $36/year may give you a sour face, but have you seen the prices of the competitors?

Re:Ubuntu One

When I tried it, it was quite buggy on Linux too.

I frequently had problems where it would have conflicts for the same file; since I was only doing my laptop (running Ubuntu) -> Ubuntu One there is no reason I should have ever had conflicts.

Re:Ubuntu One

[Abreu]

I access my Ubuntu One files via the web interface on Windows... not very convenient, but it works in a jiffy

Re:Ubuntu One

[mlts]

It depends on how much you want security. If a person has two servers with full disk encryption present, both servers located in separate areas, and one server the one that replicates data via rsync over ssh to the other, this can be a secure and fairly reliable solution, although it doesn't factor in long term backups. Long term backups can be addressed by having a tape drive that supports encryption in hardware and doing basic hygiene when it comes to backups (tape rotations, off-siting media, etc.) On the cheap, backups can be done by using external 2.5" drives (ones that don't need a power supply) and rotating them in and out.

This isn't as easy to use as a cloud provider, but at least by packing your own parachute, you know that an attacker would have to seize physical access to your boxes, then do some advanced forensic work in order to access your data, as opposed to a cloud provider where you will never know if access of your files to an attacker could just be a chdir away.

Re:Ubuntu One

[fak3r]

Ubuntu One, but the server-side is proprietary. And it is rather buggy on other platforms.

Sounds perfect...erg, wait...

Re:Ubuntu One

[lennier]

Not to state the obvious but... is Ubuntu One what you mean?

Ubuntu One makes a point of not being encrypted at the client. Until they do, I don't see how it's a solution to anything except the question "how do I give the NSA the fastest possible access to all my private data".

Re:Ubuntu One

[wrook]

Everyone who has worked in a large company (or even some small companies) will recognise this argument. It's the beginning of every conversation discussion why our current product sucks and why we need to rewrite it. The only difference between open source software and projects behind closed doors is that we don't notice when closed rewrite projects fail (as they will almost invariably do). The problem with open source projects is that the graveyards are public.

Re:Ubuntu One

[AmiMoJo]

It is a leadership problem. All the really good OS software has strong leadership behind it, either from the community or from a corporate overlord.

It isn't surprising that there is a lack of effective leadership in OS. Projects are started by programmers for fun, but once they get moderately sized and other coders start contributing it quickly becomes more about management. Companies have dedicated managers to do that.

Linus seems to have made it work but Linux seems to be the exception rather than the rule.

Re:Ubuntu One

[Edam]

I think a requirement (unstated, but implied) would be that you can run the server yourself. So I would guess that Ubuntu One is probably not what the OP was looking for.

Re:Ubuntu One

[cratermoon]

Management != Leadership.

What about Usenet?

[__aasehi2499]

It has been a cloud type service that has been around for how long? Granted it's not private, but all you have to do is encrypt your files. And as for privacy, considering the things that people continuously post there, and don't get caught, speaks to the possibilities. Yeah I suppose, data retention has only in the last few years gotten good enough to make a difference. But there have got to be some things we could learn about making the cloud work better from it.

Re:What about Usenet?

This is the stupidest suggestion I've read in a while.

Re:What about Usenet?

[yarnosh]

As if using usenet to distribute warez wasn't inappropriate enough. Hey lets all start using it as a dropbox for all sort of random shit!

Maybe I'm just old fashioned, but usenet is for discussions.

Re:What about Usenet?

[__aasehi2499]

As if using usenet to distribute warez wasn't inappropriate enough. Hey lets all start using it as a dropbox for all sort of random shit!

Maybe I'm just old fashioned, but usenet is for discussions.

Not since Eternal September began.

Re:What about Usenet?

[yarnosh]

That was more about the quality of discussions. I'm talking about the way usenet is abused to store extremely large chunks of data. It is just not the right technology for that sort of thing. You get all that data needlessly replicated across the whole network unless someone explicitly blocks certain groups. It made retention a lot more challenging. It is like passing around large files by email. Sure, you can do it, but you really shouldn't.

Re:What about Usenet?

[__aasehi2499]

And yet many people find it faster by far and more reliable than any web based file storage solution. A few parity files ensures data integrity, even if the parity files jacked, they can still reconstruct data to its original state. Web services MAY provide someone with a checksum of some kind, but that only tells you what you just spent forever acquiring is no good, it doesn't rebuild it. And as for speed, I have NEVER had my connection continuously maxed out by available bandwidth from any web service, IRC, torrent, p2p, ftp, or gopher...etc, Usenet on the other hand, full bore, full speed, full utilization 24/7 on a 20Mbit(2MB)/sec connection.

Re:What about Usenet?

[yarnosh]

And yet many people find it faster by far and more reliable than any web based file storage solution.

Tha That and they they didn't have to pay for it. Also, it is pretty anonymous.The problem with using usenet for exchanging files is that it put the already high cost of storage onto the people who maintain the servers. Eventually it got to the point where usenet servers had to be commercialized and people paid for what they downloaded. Which is fine, but it is still a strange use for what was originally intended to be a message/forum system.

A few parity files ensures data integrity, even if the parity files jacked, they can still reconstruct data to its original state.

Right, but the only reason you need that kind of parity checking in the first place is because you're abusing a system that wasn't designed to store large files. This is not really a feature of usenet so much as a way of compensating for the drawbacks of the system.

Web services MAY provide someone with a checksum of some kind, but that only tells you what you just spent forever acquiring is no good, it doesn't rebuild it.

This simply not an issue. I can't remember the last time I got a corrupted HTTP download. LIke I said, the only reason you need the partity and ability to reconstruct files with NNTP is because you're abusing a system that wasn't designed for what it is being used for.

And as for speed, I have NEVER had my connection continuously maxed out by available bandwidth from any web service, IRC, torrent, p2p, ftp, or gopher...etc, Usenet on the other hand, full bore, full speed, full utilization 24/7 on a 20Mbit(2MB)/sec connection.

And you pay for this service, no? Don't usenet servers now charge people who download a lot?

Re:What about Usenet?

[__aasehi2499]

The only point of yours I take issue with at this point is the payment factor. The web based cloud services that are worth anything are pay per use as well, correct? And the label 'strange' has never stopped innovation :D

Re:What about Usenet?

[yarnosh]

I wasn't complaining that you have to pay for fast/frequent usenet downloads. I was just pointing out that you are paying extra for the speed. It is not inherent in the technology. In an ideal world, you would use something like HTTP to store and distribute files and pay for big pipes. That way you wouldn't have all that needless replication of data, you wouldn't have to deal with retention issues, and you wouldn't need to do clumsy things like break up large files, encode them as base64 (or whatever their using in binary groups), and introduce extra parity information.

The problem is that most usenet binaries are of an illicit nature and you can't safely host them on US servers for speedy access. I think it is anonymity that really drives the usenet binary underworld.

Re:What about Usenet?

[__aasehi2499]

I agree, hence my original thought that we could learn a lot from Usenet, especially as you point out, how much it is not suited to the task at hand. Or if we can't apply Usenet methods to the cloud service, there is at least a bar that has been set, that the cloud has not reached yet, at least in function, though not ease of use.

Ubuntu One

[arisvega]

Ubuntu One, but the server-side is proprietary. And it is rather buggy on other platforms.

ftp

you could run an ftp server on linux. there are ftp apps for iphone and android. With a few lines of php you could even list out all the files that have been uploaded and allow them to be downloaded with a web interface.

Re:ftp

[MobileTatsu-NJG]

Great, all that's left is to update your server periodically, secure your ftp, and find some sort of auto-syncing functionality.

Re:ftp

[shmlco]

"... all that's left is to update your server periodically..."

Look, you can't have your cake and eat it too. Either someone else hosts the service, does the maintenance, and as such has physical access, or you use your own server, in which you have to do maintenance.

Re:ftp

[MobileTatsu-NJG]

No no no, I'm saying his solution isn't a complete solution. Here's what his answer was like:

I need to get from St. Louis to Los Angeles!

Buy some Michelin tires.

Boy it'd be nice if the people offering solutions were actually aware of what all DropBox does.

Re:ftp

[BitZtream]

So, I'm a freebsd user and the commands are a little different, but if he's doing this on some sort of Linux distribution, wouldn't all the 'work' be done by your package manager?

apt install whatever

cron an apt update or however it works

Use webdav and let whatever clients you want 'auto-sync' with it since well ... thats the only intelligent way to do it anyway since its supported almost everywhere and the important OSes have clients built in.

so basically install apache and mod_webdav, though I'd use subversion and get free revision retention myself if it was was being used to store documents mostly, regular webdav otherwise.

Cron a apt-update or however you do it in Linux, and forget it until you get emails from the cron job complaining that its not working.

I don't really understand why Dropbox is so hard to emulate unless you want it to scale to millions of users.

Why do FOSS people always seem to want to reinvent the wheel?

Re:ftp

[npsimons]

Either someone else hosts the service, does the maintenance, and as such has physical access, or you use your own server, in which you have to do maintenance.

I've never understood why people consider running their own servers so hard; I certainly don't consider myself some hotshot admin (although I do have a bit more experience than most amateurs), and it's always seemed simple to me: get a business line with static IP (DSL or cable), setup a Debian box, lock it down with Bastille (or IPTables by hand at a minimum), and setup SSH+{rsync|git} or whatever suits your fancy (as long as the connection is encrypted and you use keys for auth). Seriously, what's so hard about this?

SSH?

I am wondering - I've been using my home server with ssh for this for ages ....

I know it's not super easy, but it takes a few seconds to setup in ubuntu and the like ....

Google

[thebra]

I googl'd "open source alternatives to dropbox" and got back lots of results.

Re:Google

[Opportunist]

And which one are any good?

That's what bothers me about the "let me google that for you" crowd. Google is a search engine. It is no expert system, and it certainly makes no recommendation based on certain qualities of a product.

Re:Google

[stating_the_obvious]

It's true there are lots of results -- but having researched this myself for the last few weeks, I'm pretty sure there is nothing fully baked. Dropbox is quite good at what it does (security aside), and replicating it across multiple OS platforms and mobile devices is quite hard.

What I'd love to see (although not FOSS) is simply the ability to run dropbox on a private sever. sadly, dropbox shows no interest in this solution.

Re:Google

Well, no.

Re:Google

[trvd1707]

but since search engines return results based on your pattern of usage, thebra's results might be better than garry_g's ones.

Re:Google

[nateand]

bing and decide, bro (sarcasm)

Hosted Alternatives

[slifox]

There are some decent-looking hosted alternatives to dropbox which do client-side encryption. I've looked into this a bit, but I haven't tried any of these yet, so YMMV...

One particularly interesting one is TarSnap. The best part is the client is OSS, so you can verify that encryption is done properly (strong & client-side). You could even reverse the protocol and design your own server software, if you want.
http://www.tarsnap.com/

Another interesting one is SpiderOak. However their client is not OSS, so you have to trust that they're doing the encryption properly
https://spideroak.com/

Here are some other potential hosts, but I'm not sure exactly how proper the encryption is:
http://www.boxcryptor.com/
http://syncplicity.com/products/

Re:Hosted Alternatives

[metlin]

I've always thought about this -- how about a distributed storage network? Anyone using this needs to have a dedicated line and allocate at least 1 GB of their personal storage, and in return, they get 0.5 GB of distributed storage. The idea is similar to a P2P network, only, the data is distributed and redundant across every peer on the network (hence the reason you only get half of what you put in). As long as the encryption is quite secure, and there's a central server tracking the users, it should be fairly straightforward to build. Participants could even be ranked in terms of reliability, and less reliable users can be kicked off the grid (i.e. if you're trying to freeload on the system by not staying connected).

Re:Hosted Alternatives

[paulo.casanova]

Don't waste your time and register a patent for that :) It has already done (at least in research). Lookup Pastiche. It was published in Proceedings of the 5th Symposium on Operating Systems Design and Implementation, 2002.

Abstract: Backup is cumbersome and expensive. Individual users almost never back up their data, and backup is a signicant cost in large organizations. This paper presents Pastiche, a simple and inexpensive backup system. Pastiche exploits excess disk capacity to perform peer-to-peer backup with no administrative costs. Each node minimizes storage overhead by selecting peers that share a signicant amount of data. It is easy for common installations to nd suitable peers, and peers with high overlap can be identied with only hundreds of bytes. Pastiche provides mechanisms for condentiality, integrity, and detection of failed or malicious peers. A Pastiche prototype suffers only 7.4% overhead for a modied Andrew Benchmark, and restore performance is comparable to cross-machine copy.

Re:Hosted Alternatives

It's called Wuala.

Re:Hosted Alternatives

Another potential candidate along the lines of not sure how proper the encryption is: http://sparkleshare.org/

Re:Hosted Alternatives

[edmicman]

I've wondered about this for even a local network. At my last job we'd have desktop machines with gobs of free hard drive space. Wouldn't it be nice if you could capture that free space on each machine and pool it all as sort of a local distributed network storage? Heck, build it into the OS and you'd be set.

Re:Hosted Alternatives

[Ludedude]

Spideroak sucks. The software is buggy as hell, their bandwidth must be purchased by the strawful as the transfer speeds are comparable to what I was getting on dialup in the 90s, syncing is hit or miss at best and it's a gigantic resource hog. It cost my company $90 to beta test this POS and the company insists that all sales are final so too bad for me. Stay away from Spideroak! As to the rest, Sparkleshare shows promise so far. I'm also intrigued by Aero FS (http://www.aerofs.com/) but they're still in closed beta and I haven't been able to score an invite.

Re:Hosted Alternatives

Kinda like this? It's called Wuala. YMMV

Re:Hosted Alternatives

[Hatta]

What you really want is some general purpose online storage, and just host an encrypted loopback file on it. Just mount it, and let the filesystem do the rest. There's no need for any sort of support on the server side.

rsync.org is an excellent provider that gives you all the tools you'd need to do something like this at reasonable rates.

Re:Hosted Alternatives

[Hatta]

I meant Rsync.net, of course.

Re:Hosted Alternatives

Freenet does something similar. It is not very robust or scalable. Infrequently accessed files are bumped off or have missing pieces.

Re:Hosted Alternatives

[Jane+Q.+Public]

It's already there, and it's called OneSwarm.

Originally developed at the University of Washington, OneSwarm is a private P2P network system, storing files in an encrypted, distributed fashion. You can control who can access your shared files (if anyone). And if you do decide to share any files with others, the way OneSwarm works makes it impossible to determine the actual source of those files. They could equally be coming from anyone who is in that network. And you can set up and belong to as many different private networks as you want.

Re:Hosted Alternatives

[why-lurk]

You're describing the key ideas of Tahoe LAFS:
http://en.wikipedia.org/wiki/Tahoe_Least-Authority_Filesystem

As long as a quorum of your family/friends are available, you can access the files. Think of a distributed RAID using something like PAR to create enough excess parity to handle the loss of a number of blocks of each file. It is encrypted in such a way that none of the other nodes can reconstruct your files, or you theirs.

Re:Hosted Alternatives

[geminidomino]

I'm afraid I have to second this. Spideroak talks a good game about Zero-knowledge and all that, but their implementation leaves much to be desired. For example, actually working. Set it up on one device, no problem. Try to use the same credentials to add a second device for syncing? Not so much.

Re:Hosted Alternatives

[atriusofbricia]

Spideroak sucks. The software is buggy as hell, their bandwidth must be purchased by the strawful as the transfer speeds are comparable to what I was getting on dialup in the 90s, syncing is hit or miss at best and it's a gigantic resource hog. It cost my company $90 to beta test this POS and the company insists that all sales are final so too bad for me. Stay away from Spideroak!

As to the rest, Sparkleshare shows promise so far. I'm also intrigued by Aero FS (http://www.aerofs.com/) but they're still in closed beta and I haven't been able to score an invite.

I'm trying spideroak right now along side dropbox as dropbox is blocked in some parts of the world. So far, I can't say I'm highly impressed. It works, sorta. There was another one who's name escapes my memory I was going to try. However, their answer to "linux client?" was "pound sand". Or more accurately, "we'll kinda sorta farm that out to someone who is too busy to actually do it and can only use the least useful and most bug ridden interface to our system."

Re:Hosted Alternatives

[Sancho]

One particularly interesting one is TarSnap. The best part is the client is OSS

Be aware that while the Tarsnap source is available, it's not really OSS (according to the guidelines of the OSS Initiative.) Colin Percival does not permit modified clients to connect to the tarsnap service, nor does he allow redistribution of modified clients. The main purpose for distributing source seems to be verifying that the encryption is done properly (this is a good thing) and compiling for your specific platform (also good).

Re:Hosted Alternatives

http://freenetproject.org/

I have used JungleDisk for years

[altamira]

For this very reason. I use RackSpace and S3 for storage, the encryption occurs locally, so the cloud storage provider cannot get your data. They have free source code so you can validate how it works too. Has never failed on me and saved my data several times with backup and sync. Happy customer

The cloud is secure - if treated correctly

[Mephistophocles]

Dropbox is secure - just use PGP to encrypt everything you put up there, and decrypt it upon arrival at your host machine. I suppose that would require a jail-broken Android, but that's not all bad... I don't generally accept arguments that the cloud isn't secure. It is, if used correctly (see above). The cloud is like a public restroom - you treat it differently than the one in your house by being much more conscious about cleanliness and such (in the cloud, more conscious about security), but it's perfectly acceptable to use both.

Re:The cloud is secure - if treated correctly

The cloud is like a public restroom

In that they're both full of other people's shit.

Re:The cloud is secure - if treated correctly

[DMUTPeregrine]

APG (Android version of GPG) does not require root.

Re:The cloud is secure - if treated correctly

[inject_hotmail.com]

Dropbox is secure...

BWAHAHAHAHAHAHAHAHAHAH....
...
hahahhahahaahahahahahah

If anyone here knew how unsecured your data is (unless it has been encrypted outside of their setup), no one would ever use it.

This may be out of date information, but I highly doubt DropBox has changed their routine. Back in April, it was exposed that if anyone gets ahold of your DropBox's config.db file on your computer (which contains a host_id/GUID...which is open to random guessing as well) they can use ANY valid username/password (e.g. their own) to access files in that GUID's (your) box.

Yes, it's that easy.

When will people learn...these companies aren't giving you what you want out of the goodness of their hearts...they are making money doing whatever they are doing, and it's going to be somehow at your expense. Your security is NOT their concern. DropBox could EASILY tie your user/pass to validated hosts...but...they don't.

Some easy reading:
http://news.softpedia.com/news/Design-Security-Flaw-Allegedly-Discovered-in-Dropbox-Client-194427.shtml

May as well keep $500,000 worth of BitCoins in the same file...

Re:The cloud is secure - if treated correctly

[jsjacob]

You pulled his quote out of context. His full assertion is that Dropbox is secure IF USED CORRECTLY (i.e., encrypting data before sending to Dropbox). Do you have evidence that contradicts that statement?

Re:The cloud is secure - if treated correctly

[Night64]

Jail-broken Android? Android is not in jail (or in a walled garden, if you want to put that way). And I don't need root to use PGP. Please clarify!

Re:The cloud is secure - if treated correctly

[lehphyro]

Then you lose the advantage of not having to upload a file if someone uploaded the same file before. If your files are too sensitive to be anywhere else besides your computer, just don't put them anywhere else!

Re:The cloud is secure - if treated correctly

[meloneg]

Dropbox is secure...

BWAHAHAHAHAHAHAHAHAHAH.... ...
hahahhahahaahahahahahah
If anyone here knew how unsecured your data is (unless it has been encrypted outside of their setup), no one would ever use it.

Wow!!! That is a really impressive job at taking something out of context.

For those too lazy to look, GP said:

Dropbox is secure - just use PGP to encrypt everything you put up there, and decrypt it upon arrival at your host machine. I suppose that would require a jail-broken Android, but that's not all bad...

Re:The cloud is secure - if treated correctly

[MikeBabcock]

You didn't read the comment you responded to, did you?

lol.

Try it again.

Re:The cloud is secure - if treated correctly

[TangoMargarine]

(unless it has been encrypted outside of their setup)

Thank you for taking twice as long to agree with him.

Re:The cloud is secure - if treated correctly

[chinton]

So, I take it that PGP is the paper ass-gasket you use when dumping into dropbox?

Re:The cloud is secure - if treated correctly

[14erCleaner]

It's not secure if you have to be a techie to use it securely.

Re:The cloud is secure - if treated correctly

"Dropbox is secure - just use PGP to encrypt everything you put up there"

Except that having to manual encrypting files before storing them breaks the whole concept of a transparent, cloud-backed filesystem.

Re:The cloud is secure - if treated correctly

of course I can't speak for "smart"-phones, but Truecrypt works great for most any *nix, Windows, Mac OS.
And accessing the encrypted volumes can be made as easy and automated as you care to script (even windows with its PS or Autoit)

and if people would get delivered from the bondage of their media/gadget addictions, they may find it just doesn't matter much either. But we wouldn't want them to realize the horrors of truly believing that this is all there is to life, and what that really would mean when they inevitably die. How interesting a scenario to see people get so angry at a God they don't believe exists - and to actually harbor un-forgiveness toward a supposed mythical being.... wise in their own eyes, they can easily accomplish anything in and of their own powers and abilities, but yet they rely on other people to claim they understand something enough for them as well and ask everyone to have faith in their interpretation of what they have observed..... OH SORRY, started drifting there.... you may go back to your regularly scheduled news portal

Re:The cloud is secure - if treated correctly

[arkane1234]

A public pastebin is just as secure IF USED CORRECTLY (i.e., encrypting data before sending to Dropbox). Do you have evidence that contradicts that statement?

I guess if you do the security for them, then it's secure :P

which ultimately makes the answer null and void.

Re:The cloud is secure - if treated correctly

Dropbox is secure - just use PGP to encrypt everything you put up there, and decrypt it upon arrival at your host machine.

Dropbox is not secure. You implementation of Dropbox may be secure. Maybe you'd be so kind as to release your fully-automatic, multi-platform, open source code and binaries for a custom Dropbox client with client-side encryption to the world so programers and non-programers can also use a secure Dropbox.
No? Alright then.

Re:The cloud is secure - if treated correctly

The cloud is like a public restroom

In that they're both full of other people's shit.

And unlike it in that you have your own stall which only you shit in.

Re:The cloud is secure - if treated correctly

[cong06]

This.

Re:The cloud is secure - if treated correctly

Actually, that's not a correct statement. If you encrypt your data, you are at least making the attempt to secure your information. This doesn't mean that the cloud is secure, or the service (dropbox, unbuntu one, amazon, google or whatever) you are using is secure. There's a major difference, and it's something that needs to be considered carefully: secure transmission and secure storage of your information is every bit as needed as securing your information.

What does SVN have to do with it?

[jojoba_oil]

Why is SVN being compared to DropBox? There's no mobile app for SVN access because, typically, people don't do development on their phones...

Re:What does SVN have to do with it?

[mdragan]

SVN is not a development application, it is a version control application where you can store your data versioned. So if you want to keep text data on a central repository, SVN is good for that. Problem with it is that it's not good with binary data, so, not a solution for keeping different versions of your pictures, heh.

Re:What does SVN have to do with it?

[TheAmazingRyRy]

Why is SVN being compared to DropBox? There's no mobile app for SVN access because, typically, people don't do development on their phones...

SVN is not just used for development. It is a versioning system. If you want to store some files and keep track of all changes to those files, SVN would be what you want. Because it keeps track of the changes to files, it's not quite what you'd want in this situation, but it would be one method to store things in "the cloud".

Re:What does SVN have to do with it?

SVN can be used for versioning backups. I was using it for a while for just this purpose. Check out http://fsvs.tigris.org/. There are svn clients for Androids (subdroid and android-client are two that come to mind), google is your friend.

Re:What does SVN have to do with it?

First, I am using an Android tablet. Coding is perfectly feasible on it
It has a keyboard dock, so coding can even be quite comfortable.

Second, AFAIK, the svnkit library for Java has already been tweaked for Android compatibility.

Third, I already host my own SVN server running https.

Profit??? Hell yeah. I'd have to think so

And, going back on topic, it could definitely be used as secure storage.

Re:What does SVN have to do with it?

SVN is primitive, Mercurial is where the good stuff is at.

Re:What does SVN have to do with it?

[WuphonsReach]

Problem with it is that it's not good with binary data, so, not a solution for keeping different versions of your pictures, heh.

SVN has absolutely zero issues storing binary data. It compresses and it does deltas. Which works amazingly well for things like Microsoft Access MDB files (which are big binary blobs). Change a record in an Excel file or an Access database or a few lines in a Word document (the old 2003 formats), and the SVN delta is typically under a few kilobytes, even for a multi-megabyte binary blob.

Image files are a problem for pretty much any VCS because most of the file formats are such that if you make a small change in a portion of the image, it can change the entire file stream when you write it out (especially with lossy codecs like JPEG). There's generally no way to do a binary delta on that. But if you were to store the images as lossless uncompressed BMP, then changing a few pixels would probably result in a very small binary delta.

The other half of the issue, however, is that SVN working copies always contain a pristine copy of the file in addition to the one that you are making changes to. So a 20MB TIFF is going to eat up 40MB of disk space in the local working copy. It's fine up on the server where it will only take 20MB, but does make things more difficult on a client where disk space is at a premium.

(No local storage of pristines is on the development roadmap, but not in the upcoming 1.7 release.)

Re:What does SVN have to do with it?

The Nokia N900 supports command line SVN

Re:What does SVN have to do with it?

[WuphonsReach]

FSVS is very cool technology. We use it on all of our Linux servers to track configuration changes.

Make some config file change under /etc or edit a script in /usr/local/sbin. Then do a fsvs commit with a comment of why you changed XYZ.

# cd /
# fsvs ci -m "changed XYZ to allow for ABC to happen" /etc/some/path

Two years later, when you're trying to remember how you made ABC happen, you just browse the SVN logs and look at the diffs. That feature alone makes it indispensable (we don't even use it to synchronize changes across servers, just to track changes).

Backing up the configuration of a modern Linux box takes anywhere from a few dozen megabytes (only /etc and a few select paths under /usr/local or other locations) up to 1-3GB if you also version control the binaries and libraries.

Re:What does SVN have to do with it?

[Domint]

Since SVN is a version control system, it can be used for things other than development. For example, I use the SVN repo at my office to store config files for my networking equipment. Makes it real easy to verify historical changes and provides a roll back point if necessary. Since SVN operates over HTTP(S), I could see the draw to use it for remote document/media storage as well. It may not have all the latest whizbang features one is looking for, but it will get the job done.

Re:What does SVN have to do with it?

Actually there are... iVersion on iOS for one.

Re:What does SVN have to do with it?

> There's no mobile app for SVN access

Huh? SVN works just fine on N900

Re:What does SVN have to do with it?

Why is SVN being compared to DropBox? There's no mobile app for SVN access because, typically, people don't do development on their phones...

I think they mean VPN

Re:What does SVN have to do with it?

Subversion is one of the underlying technologies that powers Dropbox.

Android phones pictures?

[icebike]

Why would he need dropbox for pictures snapped from his android phone?
If he has Android, he has google.
If he has google he has Picasa.
If he has picasa his android will sync with it at will.

Re:Android phones pictures?

I've got an Android phone but I'm not storing anything on Google servers. Unfortunately I need a Google account to use some essential functionality of the OS (the market). I'd be happy to use it anonymously.

The only file I store on DropBox is an encrypted backup of some important files. Maybe I'm a little privacy nut but that's the way it is :) Luckily I see today that I'm not alone.

Re:Android phones pictures?

[icebike]

True, the paranoid might want to store their upskirts on dropbox or a secure private storage somewhere other than on the phone (which could be seized by police). But this hardly makes sharing easy.

The request was for something more secure than Dropbox, or at lease open source. I have no problem with that. There' are documents I won't put on Google Docs, even tho I use Google heavily.

It just seemed to me that photo snaps were the least of my concern, and I would just keep them on the phone unless I wanted the share them, and if I wanted to share them dropbox or any other private implementation of that sort would be counter productive.

Thats where I was going with my post. Just the photo sharing angle. And maybe I imagined the sharing part.

Re:Android phones pictures?

[jeffmeden]

His complaint was about the cloud in general. So yes, his objection to using dropbox specifically is easy to overcome with many many other solutions, but the fact that they ALL rely on the cloud is still there.

Re:Android phones pictures?

[icebike]

But as other posters up thread have pointed out, the simplest of these don't rely on the cloud at all.
SSH is a perfect example, but so is any other package you can install on your own server.

Google would have found that for him in 30 seconds. I'm pretty sure this was just a way to whore some Karma by posting it on slashdot rather than
taking his question to a more productive source.

Re:Android phones pictures?

[mdm-adph]

He might be talking about PicPlz -- a service very similiar to Instagram. It has the feature of also storing a copy of your photos in Dropbox.

Re:Android phones pictures?

[mattr]

I had and solved this problem today.

Android HTC Evo 4G, shot a bunch of photos and must send to someone.
Not so easy to get multiple photos off the phone, if you want to select them with a UI so you know what photos you are sending.

My solution after googling was,
Get Astro file manager
Get Dropbox for android
Now you can open Astro, go to /sdcard/DCIM, use thumbnails view, select Multi Select mode, and touch a bunch of photos.
Then you make a zip file by clicking New (folder icon) and Zip file. (Old version had zip file as an icon on the top of the screen IIRC.)
Then touch and hold on the zip file you made, and select Send and then Dropbox.
Go to the destination folder, Public if you want to share with a link, you can go up by clicking the back arrow button.
It will get synced to your computer too.
Finally when your computer tells you it was downloaded, control click (mac) or maybe right click in windows, select Dropbox > Copy Url, then open mail client and write an email, pasting in the download link.

That is the best solution I found so far. Why not google? Well I have gigs of spam in there and I don't want to link my android phone to that account. maybe there is a better way but I don't know it yet. Upload one file, easy just click and hold > send. Many files, not so easy. Other option is to use a shell over usb from mac and pull the files with adb.

Re:Android phones pictures?

[AmiMoJo]

Good point, you can now store any type of file on Google Docs so I use it for encrypted backups. I paid the $5/year for 20GB extra storage. There is an Android client for Docs but you can always just use the web interface too. Command line clients are available.

OS clients are also available for Microsoft Skydrive which gives you 25GB for free and accepts any file type.

Re:Android phones pictures?

[jeffmeden]

SSH is a pretty shitty example, if you excuse me for saying so. Name a version of SSH that installs on an android phone and allows for one-click uploading of pictures to a secure location that can be easily accessed later? The realm of non-cloud tools that are designed to solve this problem are pretty small, and for the most part immature, so it makes sense to crowdsource this sort of question beyond the usual "type it into google" mechanism.

rsync.net FTW.

[enselsharon]

I've had personal and business accounts at rsync.net going back over 5 years.

It's simple, it's straightforward, and it works out of the box with everything I use.

Oh, and there's this:

http://www.rsync.net/resources/notices/canary.txt

It's not the cheapest offering, but my employers' account @ 2TB is around 28 cents/GB, per month.

Re:rsync.net FTW.

[enselsharon]

A technical footnote - I use duplicity for encrypted backups on my (personal) rsync.net filesystem:

http://duplicity.nongnu.org/

There's been some rumbling about Tahoe-LAFS integration, which is mildly interesting...

bytehoard

[trghpy]

Look into bytehoard on sourceforge.
It's a dead project but does what you need.

dvcs-autosync

I asked the same question a while ago and found nothing better than my existing messing rsync hack. However since then I've been pointer towards http://mayrhofer.eu.org/dvcs-autosync although I've yet to try it myself.

ownCloud or Wuala

[DVega]

On the open-source front, the only option I know is ownCloud. It provides the software to build your 'Cloud' storage, but you must provide your own hardware.

On the other side, you can try Wuala. It is not Open Source, but it encrypts all your files before uploading them. There are clients for almost every platform.

Re:ownCloud or Wuala

[imamac]

I use owncloud. It it certainly not as robust as DropBox, but it works for my needs. It also has a plugin system for functionality expansion.

Re:ownCloud or Wuala

I do use Wuala and I like it very much.

Now while the data is supposed to be encrypted on my computer before leaving it, I wonder how they do allow me to access my files using the web (you can go to http://www.wuala.com/ and browse your files, even give other people access to it). When I download a file from the web links, the speed is much greater than my local internet access and it works even if my home computer is shutdown.

I guess the real situation is one of those (I would bet on the 1st one):

1. the encryption key is shared with wuala (but not with the other peers)
2. the data ins't really encrypted with a different key for everybody...

So it's is secure from other peers, but not from wuala. Still, it's a pretty good service (you can trade local disk storage for 'cloud' disk storage or you can buy 'cloud' storage...)

Re:ownCloud or Wuala

[tomz16]

I've wondered about this as well... My guess as to how they implement this :

The content is encrypted with a key, stored along with the content. This key is encrypted with your password. (e.g. similar to HDD encryption)
When you make something public your client changes the password protecting the encryption key on that content to something specified by the Wuala public web server.

This implementation :
- prevents your password from ever leaving your computer
- prevents the content from having to be re-encrypted or re-uploaded when you choose to make it public.. you just have to re-upload the newly encrypted key (a few bytes).

Re:ownCloud or Wuala

[IamTheRealMike]

Wualas "web access" is in fact a Java applet. It's not really satisfying because Java is so horribly insecure it's increasingly disabled by default in modern web browsers.

However, I will say that I use Wuala myself and it works quite well. It's generally more on the geeky side than Dropbox - the app has quite a lot of features, but it does everything I need and the client-side encryption gives me peace of mind. What's more - guess what, they accept Bitcoins!

Re:ownCloud or Wuala

I use Wuala as well and I am comfortable with storing normal non-sensitive info up there, however anything real sensitive (like tax docs etc) I encrypt myself before uploading to Wuala. That way I know that even if my data was stolen or handed over it still couldn't be accessed.

Re:ownCloud or Wuala

JungleDisk is a great one. You chose if you want Amazon or Rackspace to act as the storage location, and the JungleDisk client not only makes everything easy (and cross platform), but handles encryption for you.

Re:ownCloud or Wuala

[Troed]

Wuala seconded - I've recently made the switch from Dropbox to it.

OwnCloud

KDE OwnCloud (Cross platform, WebDav and native frontend for everything (windows explorer included) and a HTML frontend) it use Git as backend.

ifolder

[bsmokeman]

Novell open-sourced ifolder. there are clients for linux, windows, mac, and even iphone. Someone just needs to write a client for android.
We are implementing it on a large scale, with Active Directory integration, and 270 mobile laptop users. I understand novell is moving to neutron (their new file/folder sync technology). It should solve some of the issues we had, such as integrating with a windows server, however it will not be open-source. We just used the ifolder client, and a proxy user for everyone's folder to bypass that issue. We looked extensively for a solution, and settled on ifolder, however mobile phones weren't part of the requirement.

Re:ifolder

iFolder is Open Source

Re:ifolder

ifolder (www.ifolder.com) has some advantages, but it uses mono...

Subversion?

[neokushan]

It might not be as convenient and be designed for an entirely different purpose, but it works for me.

ssh + rsync = win!

[WWE-TicK]

I put a Linux box with an SSH server and rsync on my FIOS line. Then I use rsync for Android to sync file shares between the Linux box and my Android tablet. This has been working fine for me. It might even be more secure than Dropbox.

Re:ssh + rsync = win!

[spinkham]

Unison is like rsync, but handles 2 way syncing better.

Re:ssh + rsync = win!

[drinkypoo]

AFAICT both ends have to run the same version to sync. In practice this means you have to either have a totally homogeneous network or build Unison everywhere but possibly one device whose version you have to match. If I am wrong then I am silly. If I am right then Unison sucks.

Re:ssh + rsync = win!

rsync is only one way. You can run it twice to do a 2 way sync, but you also have the issue of deleted files reappearing.

Re:ssh + rsync = win!

How do you get to your box from the outside? Did you register your own URL and use dyndns or something?

Re:ssh + rsync = win!

[drinkypoo]

rsync is only one way. You can run it twice to do a 2 way sync, but you also have the issue of deleted files reappearing.

I give to thee rsync --delete. You have to sync down before you sync up; when doing the pull (or so I shall name it) you use the -u flag ("skip files that are newer on the receiver"), then you do your file deletion, then you do the rsync -a --delete.

If only someone would revive dm-cache then you could do it with a remote mount (on Linux-based platforms anyway) which would be hilarious.

Re:ssh + rsync = win!

[spinkham]

The major and minor version has to match, but not the patch level.

That's why Ubuntu has packages for both 2.27.* and 2.32.*. Those are the only versions you're likely to encounter today, but soon 2.40 will be taking over.

These are all major changes, and worth the compatibility split.

I've never had trouble finding compatible versions in any OS that is actively receiving security patches, and the capability and failure tolerance of unison is without equal. I've never lost data in many years of using it in fairly complicated fashions. If they tried to support multiple revisions of the protocol with the same codebase, without much more engineering it would get brittle and data loss would be much more likely.

Re:ssh + rsync = win!

[pnutjam]

yes, I have a domain at nearlyfreespeech.net. I point a cname record at my noip address.

There is an API to update your nearlyfreespeech dns directly.

Re:ssh + rsync = win!

No, if you delete a file on the client, then do the "rsync -u ... server:. ." download, it will restore your deleted files. There is no "deleted file" record on the client to indicate that the absence of the file is newer than the old file on the server.

To handle deletes in a simple way with rsync, you need to designate one host as the "master" and always sync the repo to match the master, while syncing other slaves to match the repo. That way you can cause deletes to propagate from master->repo->slave.

To handle multi-master replication, you need a more sophisticated change tracking system or distributed filesystem. It needs to be able to remember that deletes were performed along with other changes, and merge the change streams from all masters, including resolving conflicts. The merge and conflict-resolution algorithm usually includes understanding when changes occurred, rather than just that they occurred sometime before now. As such, the temporal granularity of the change stream greatly affects the end result. Tools like SVN, GIT, or Unison all work by having an update step that compares the current working copy to the "last synchronized" copy to infer the changes, including deletes. The granularity of the change stream is however often the user runs "commit" and "update" sorts of actions.

A cheap seats approach with rsync would be to truncate files to zero rather than delete them, while using extended attributes to mark them as deleted. Then, you could use your "rsync -u ..." solution without restoring old deleted files by accident. After synchronizing the truncation and attribute markings to the repo, you could have a reaper eventually delete those files marked as deleted. However, this would mean intercepting all client deletes and doing something other than unlink of the victim file, as well as coping with these odd tombstone files sitting around in file listings.

Re:ssh + rsync = win!

[drinkypoo]

No, if you delete a file on the client, then do the "rsync -u ... server:. ." download, it will restore your deleted files.

No, try actually reading my comment. You rsync -u before you delete files. I guess we know why you don't log in.

Re:ssh + rsync = win!

[dargaud]

To get back to the subject matter: is there an Android version ? Couldn't find one.

Re:ssh + rsync = win!

Hey, great tip, thanks. I don't know if I'll ever set up a web page, but I think I'll do the same thing you did with a linux ssh box on my FiOS. They look like a great company to do this with.

Re:ssh + rsync = win!

+1. I have been using rsync on my android to back it up to my ssh server (which then also rsyncs to an offsite backup server). It's the perfect solution for me.

Re:ssh + rsync = win!

[pnutjam]

Yes, they are. Another option I used for awhile was as simple script that checked my IP and wrote it two an unlinked page on my nearlyfreespeech site. Their hosting is super cheap, so it barely cost anything.

Whenever my IP changed, I could just check that page to get the new one.

You do need to request a RSA key to allow scripts to access your nearlyfreespeech account.

Re:ssh + rsync = win!

I'll admit, I read your comment too quickly to notice you were describing a multi-step workflow. Too bad you took my comment as some sort of attack, rather than as a genuine effort to contribute some technical ideas.

I'm an rsync black belt; I definitely know what it can and cannot do. It's a great tool for creating complex data transfers. But it is by no means a complete or foolproof solution for synchronizing multiple devices that a user might use throughout his daily life (home servers, co-lo servers, laptop, work desktops, work servers, etc). To make that work, there is so much unspecified "protocol" that the user must observe in their data handling, in order to choose which rsync incantation to make at which time, and to never forget which data versions are where. Unison is an interesting attempt to lower the barrier here.

[BTW, I don't log in because I've never wanted to create an account here. I will put my name on peer-reviewed publications, but I don't wear a name-tag when I chat with strangers at a cafe.]

Re:ssh + rsync = win!

[drinkypoo]

Too bad you took my comment as some sort of attack, rather than as a genuine effort to contribute some technical ideas.

No, I took it as a failure to read my comment, which is what it was. You may have skimmed it. If you are going to reply, perhaps you should read.

I don't log in because I've never wanted to create an account here. I will put my name on peer-reviewed publications

Guess what? This is a really twisted, scary, abusive peer-reviewed publication. (It's an unusually transparent one, among other adjectives.)

Even FTP is more secure

[dbIII]

Pretty sad isn't it?
SFTP is far better than both and is open.

Re:Even FTP is more secure

[The+MAZZTer]

That's just the communications protocol and is only part of the service. There are other crucial parts, such as figuring out what to sync, and which direction to sync it, and of course how to store the files on the server securely.

Re:Even FTP is more secure

Pretty sad isn't it?
SFTP is far better than both and is open.

But as the OP mentioned, clicking a pop up once a month is far too exhausting. We must, instead, invest hours of research, implementation and testing so we don't waste minutes of our time over the long haul.

Re:Even FTP is more secure

[MobileTatsu-NJG]

SFTP is far better than both and is open.

...and insufficient in terms of functionality. Oops.

Re:Even FTP is more secure

[dbIII]

How so?
What is wrong with the current SFTP clients in comparison to the combination of a web browser and dropbox or similar?

Re:Even FTP is more secure

[MobileTatsu-NJG]

Are you familiar with how Dropbox auto-syncs?

Re:Even FTP is more secure

I didn't know that SFTP provided an off-site data storage facility?

Re:Even FTP is more secure

Exactly, that is the one feature people often forget when suggesting alternatives to Dropbox. And it's the one feature I use Dropbox for. Automatic, multidirectional syncing between the Dropbox servers and the two computers I run dropbox on.

Re:Even FTP is more secure

[MobileTatsu-NJG]

Exactly, that is the one feature people often forget when suggesting alternatives to Dropbox. And it's the one feature I use Dropbox for. Automatic, multidirectional syncing between the Dropbox servers and the two computers I run dropbox on.

Bingo. The word I'd use to describe Dropbox is 'proactive'. It goes and gets stuff, you don't have to boss it around.
Then there's other niceties like inviting other people to share folders on that account. I send shit to my friend all the time. Dropbox picks it up and his machine downloads it automatically. He doesn't have to go log in to FTP, he just waits and *blammo* his machine has it.

It sucks that it's not secure, I have a million work-related uses for it.

Re:Even FTP is more secure

[rsborg]

How so?
What is wrong with the current SFTP clients in comparison to the combination of a web browser and dropbox or similar?

Key exchange. How do you ensure that the other party has credentials to login? Send via email? Is that secure? ... this regresses ad-infinitum.

With Dropbox (as an example), sharing is either with a group of dropbox users (key exchange solved already as they're authenticated via dropbox) or with the public at-large (ie, insecure).

Re:Even FTP is more secure

[dbIII]

I don't understand why you think the authentication problems are going to very different let alone any better or worse since they work in similar ways and in all cases you need to give some information to the other party that needs to log in anyway whether it's shared key, certs, password, whatever.
For one thing a showstopping flaw in dropbox is that changing a password does not lock out a user although it does give the impression that happens. Even plain FTP from decades ago does not have that problem which makes it an epic failure on the part of dropbox and gives me zero confidence about the remainder of their product.
I have to admit I've never seen it in action, on two occasions I've been told "dropbox isn't working for me, can you fix it" so have gone to see some message about their service being unavailable and have shown the user an alternative that they can use immediately instead.
They tried to reinvent FTP thirty years later and fucked up the attempt instead. Something like it which is not a joke would be ideal, but I think we'll have to wait until Apple or Microsoft have some sort of nifty SFTP point to point behaviour into sharepoint or whatever before we get something decent in the mainstream.

Re:Even FTP is more secure

[tqk]

SFTP is far better than both and is open.

...and insufficient in terms of functionality. Oops.

How? Methinks rsync would be all OP needs. Pointy-clicky interfaces, not considered ...

Re:Even FTP is more secure

[MobileTatsu-NJG]

Here's a list of niceties of DropBox, in no particular order:

- Mac and Windows support. (iPhone and iPad, too... useful in some cases. Also web-support so you can hit the files manually.)

- Auto-syncing, just put the files into the right folder and they'll automatically appear on the server. This is the bit that really makes DB attractive, especially if you are sharing files with other people.

- Easy setup, decent rates. 2 gigs are free, 50 is $10/mo. (or $100 a year). I am unaware of being able to beat that with a co-loc somewhere, insight on that would be appreciated. I was able to tell a client how to get DB running without hassle.

- You can link accounts. I share files with a friend of mine just by opening one of my folders to him. What's nice about that is that as long as his computer is on it'll arrive on his machine, he won't have to go ask for it.

- You can have two computers sync via the ethernet instead of the internet. I personally haven't tried this yet but it's something I wish to look into because I have a laptop that's part of my workflow.

Re:Even FTP is more secure

[tqk]

... Here's a list of niceties of DropBox, in no particular order:

- Mac and Windows support.

I have never understood that argument. Why do they need supporting? Shouldn't they just go out of their way to, I dunno, *interoperate*, like everything else?!? Cf. the bitch session elsewhere here wrt IBM's "inventing" the PC. :-P

No, they're proprietary, so want to suck you into using their proprietary formats. fsck 'em.

... - Auto-syncing

I'm pretty sure rsync can blow the doors off any proprietary *sync* thingie you can suggest. Note, it notes state, and only transmits diffs?

Easy setup, decent rates.

It's just another cloud service, methinks. Good on 'em, I don't want any, thx.

...

Boring. A Samba server could do all you want. I could build you a monster backup system with five year old parts for under $200 (plus my rate) that'd fully automate all of this for you. You'd rather p*** it off into the cloud instead of remain in control of it yourself. Your call.

Btw, no offense meant, and I don't really know anything about DB, but it seems simpler my way, from what I've heard so far.

Re:Even FTP is more secure

[MobileTatsu-NJG]

It's just another cloud service, methinks. Good on 'em, I don't want any, thx.

I'm not trying to sell you on DropBox. I don't mean to be crude, but I do want to be clear: I don't give two shits about you using DB. The only real reason I'd like to keep this convo going is if you can help me roll my own alternative.

That said, I do think you should know about what it does and why it's enticing.

I have never understood that argument. Why do they need supporting? Shouldn't they just go out of their way to, I dunno, *interoperate*, like everything else?!?

Heh. You can interoperate until you're blue in the face, people still have to pay attention to it and make it work. I know Slashdot thinks this is true, but there is no such thing as 'write once work everywhere'.

No, they're proprietary, so want to suck you into using their proprietary formats. fsck 'em.

Principles are fine and all but they don't put a roof over your head. Services aren't, by default, a bad thing. Besides that, we're talking about file hosting, not office docs. There is no 'proprietary format' here.

On a semi-related note: extreme views are still extreme. Slashdotters in general are starting to understand that but the OSS zealots don't.

I'm pretty sure rsync can blow the doors off any proprietary *sync* thingie you can suggest. Note, it notes state, and only transmits diffs?

Okay... so does it actually do auto-syncing? Does it take a lot of setup to do? Can I tell somebody who's not computer saavy how to set it up? If I'm using Windows can I set it up, then tell my Mac user friend to set it up on his end so we can auto-sync with a server in between us?

Boring. A Samba server could do all you want. I could build you a monster backup system with five year old parts for under $200 (plus my rate) that'd fully automate all of this for you. You'd rather p*** it off into the cloud instead of remain in control of it yourself. Your call.

Actually the 'in control' bit is the inhibitor right now. Frankly, even if I had you build this machine for me, I'd still have this problem. I want the files encrypted on the machine. I don't trust you to build it. I don't trust the co-loc to keep their hands off it. I do trust (enough, anyway) to have each file encrypted. DropBox gets me 95% of the way there. I think if I rolled out an approach to encrypt the files before they were sent to DB, it'd be pretty slick. Then I would have to ask myself if it's worth the time to even think about rolling it. That $200 you mentioned (without considering your rate...) covers two years of service and doesn't account for the fact that I want to share with other people.

Btw, no offense meant, and I don't really know anything about DB, but it seems simpler my way, from what I've heard so far.

No no, there's no offense taken over here. Likewise I hope I haven't offended you. Nobody is claiming that DB is some hot new invention, in fact I recall a few similar services a few years ago. What they got right, though, is the simplicity of the app, both in terms of installation and in usage. I used to use Allway Sync + my own FTP server, and that was fine, but then I wanted to let other people in and share. Then suddenly it became too much. That make sense?

I really do hope DB gets their act together with the proper encryption, this could totally help me out work-wise. I do enough tele-commuting that it would be bad-ass.

Re:Even FTP is more secure

[tqk]

You can interoperate until you're blue in the face, people still have to pay attention to it and make it work.

Ah, you're not a programmer. No, that's not true. Anything can be automated, to the point it'll never need to deal with it again.

Nobody is claiming that DB is some hot new invention, in fact I recall a few similar services a few years ago. What they got right, though, is the simplicity of the app ...

Any competent geek can wrap complexity, making magical stuff work for mere mortals. It's what we do, so mortals don't have to. You don't like your app's interface, I'll make you a new one that you can like.

I well remember discussions taking place 30 years ago when PCs first arrived on the market. "But, how will anyone use them?!?" Even accountaints figured out how (I've a pretty low tolerance for accountaints, sorry).

Meh.

Tahoe-LAFS

I don't know dropbox that well, but this might be something you want:

http://tahoe-lafs.org/trac/tahoe-lafs

Ifolder

Ifolder is open source. The client is rather slow but it works...

rsync

[GreatBunzinni]

I believe that rsync is able to cover most of dropbox's features, if not all. By using rsync you aren't bound to any service provider or even internet access. You may not have the flashy web interface and flashy android/desktop client but it is somewhat trivial to implement a front-end to rsync that abstracts all implementation details. If you wish to have some sort of history log then you can always set your clients to implement some form of incremental backup of your repository.

Re:rsync

[profplump]

And unison extends the rsync model to do bi-directional syncing with basically no user intervention and no strict need for a centralized server. It's not quite mobile-ready, but there's real work being one on an ocmal runtime for android, which is probably 99% of what you need to get unison working there as well.

Re:rsync

I believe that rsync is able to cover most of dropbox's features, if not all.

Then you have no idea what Dropbox's features actually are.

SpiderOak

[mlayland]

take a look at www.spideroak.com encrypted storage works on Linux or Windows

cyphertite

Hi
give cyphertite a go. Written by some rather clever OpenBSD guys who are allowing beta testers right now. I personally have been using it for weeks without difficulty.

https://www.cyphertite.com

Enjoy

Re:Cyphertite

Another great thing about them working over IPv6 is that my cable provider doesn't throttle down my IPv6 tunnel packets :P

Re:cyphertite

yeah it is totally bad ass

Ifolder

maybe this could be a solution ifolder. Not related to apple.

ownCloud

[reldruH]

Sounds like you're looking for ownCloud. It's still under heavy development but the file storage functions work very well and it's accessible on Mac, Windows & Linux via webdav and from everywhere else via a web interface. There are also a couple of mobile apps in the works and it runs on a standard LAMP stack. http://owncloud.org/index.php/Main_Page And a blog post about the current status: http://owncloudtest.blogspot.com/2011/06/owncloud-20-just-merged-with.html

Ubuntu One

The Ubuntu One service sounds like the way to go. The client is open source, it runs on Linux and Windows, the server side probably runs Linux. If you're worried about privacy, encrypt stuff before you send it to the cloud.

Evernote

[Unixnoteunuchs]

Evernote (http://www.evernote.com) has stand-alone apps for PC, Mac and the most popular mobile devices, as well as a web clipper plug-in for Safari. Super-simple to use.

*boggle*

While I am guilty of using Dropbox for occasional data storage or quick picture snaps with my Android phone, I do watch out not to store anything important on there (or incriminating), no matter what the "privacy policy" may be.

"While I am guilty of using a screwdriver and a socket wrench to work on my car, I do watch out not to use them for hammering in nails or cutting glass."

Why on earth would you feel "guilty" over using a tool for the purpose it was designed for? Open Source has zero to do with the relative "wisdom" of putting your sensitive/incriminating data into the hands of a third party. If Dropbox were completely open source today, it would still be a colossally stupid idea to entrust your private or incriminating data to their care.

Want a FOSS file hosting service that you can administer and run yourself, has client access for nearly any platform, requires very little administration, and has multiple FOSS implementations?

It's called FTP.

FTP, WebDAV, SCP

[mdragan]

FTP is the traditional method, although kind of dated, some say not so secure. SCP is very simple, there are command line clients, fancy GUI clients, probably works with Android too. Checkout WebDAV too, the Apache webserver probably has a module supporting it, if not, you may find dedicated servers. Probably lots of clients support it.

Been Using....

Tonido for some time.
http://tonido.com/
Have a lot of hope for this one!

Unison

[human+spam+filter]

If you have Linux PC that is accessible from the internet, then just use Unison (http://www.cis.upenn.edu/~bcpierce/unison/). I use it all the time to synchronize my PC at work, my PC at home, and my laptop. It is quite fast, my synchronized folder is currently ~7GB and it takes maybe 10s to check for changes (not sure how Unison manages to do this).

Re:Unison

[drinkypoo]

Unison creates index files which it uses to keep house. Unfortunately, when I looked into using it to copy data between my desktop and my Dockstar running Debian, it told me the versions were mismatched. So I looked into it and from what I could tell the actual version numbers have to match on both ends. This is pretty much a deal breaker when you bring mobile devices into the mix, especially since it doesn't exist for them yet (unless you have a N900 or similar.) So I still use rsync, I just run it twice. I'm mounting nfs over GigE so this is not so awful.

Re:Unison

I heard about Unison a long time ago but never actually used it so far. Does it provide the functionality to share (almost seamlessly) a folder or file with other users?

Re:Unison

[Kz]

So I still use rsync, I just run it twice. I'm mounting nfs over GigE so this is not so awful.

If you're using rsync over NFS, you're doing it wrong!

Re:Unison

[drinkypoo]

If you're using rsync over NFS, you're doing it wrong!

I've been too lazy to figure out how to use encryptionless ssh, which I know is pretty astoundingly lazy, and the machine to which I have been syncing is very slow. The machine to which I will be syncing is even slower; It's a Geode GX, I think it runs at 233MHz. Let's see...

cpu MHz : 266.629

Just a tad over. So probably I should figure out how to do it "right" since I will be using 100Mbps instead of GigE.

Re:Unison

I just gave Unison a try.... It's packaged in Debian lenny, so it was very easy to install..

Worked great on all my Linux PCs..
The windows installation was very difficult and time consuming...

Overall, I'm happy with it..It's a lot more convenient than using Filezilla..

I tried to get Sparkleshare and syncany working on my Linux boxes, but they're both too difficult to install on my Debian oldstable boxes because I need to backport a crazy number of libs...

apt-get install unison unison-gtk

done...

  More people should know about Unison...

Re:Unison

[qirtaiba]

There is a Unison backend for Sparkleshare in development. This will combine the best of both worlds. Sparkle has been criticised for using git as a back-end, which is not very efficient for storing large files and can waste large amounts of space. Unison is lighter-weight for those who don't need the ability to roll back to previous revisions of files. So soon you'll be able to take your pick.

Gollum or duplicity

[jedibrand]

http://www.linux.com/archive/feature/152262 http://www.linux.com/archive/feature/154149 One of those must have a api...

Re:Gollum or duplicity

[jedibrand]

Oops, that should've read "Gollem and Unison", and hopefully Unison has an API from which to create an Android app...

Not all Android devices have Market and Picasa

[tepples]

If he has Android, he has google.

Not necessarily. Android-powered devices not using the Open Handset Alliance version of Android don't get the non-free Google apps.

Re:Not all Android devices have Market and Picasa

[icebike]

But Picasa is free.

Re:Not all Android devices have Market and Picasa

Not on Android.

Re:Not all Android devices have Market and Picasa

My HTC EVO 4G doesn't. My OG Droid did natively allow synch with my Picasa account via the image gallery, my HTC will sync with Flikr but not Picasa where all my photos are.

AC-Out!

personal nas tryecrypt

QNAP NAS and my cloud NAS service is an option giving you control of the data store its self. But being very security conscious read paranoid I still would be very careful with what I exposed to the internet and the potential interest of the likes of lulzsec / anonymous / big-brother / hackers trolling the interwebtubesetc .

use truecrypt to encrypt files before uploading

Pogo Plug?

[Nexus7]

I thought of this when I read the posting, because B*y.com sent me junk mail today about a sale on Pogo Plug Black. There's a Linux distribution for these - http://plugapps.com/index.php5/Main_Page.

Your own cloud.

Re:Pogo Plug?

[MattBD]

The PogoPlug does the same kind of thing as Dropbox out of the box - you buy the device, connect up some storage devices to it, sign up for an account and you're pretty much good to go. The Linux distro you mentioned actually kills this functionality and turns it into a small server, so for this person's needs the default works fine. The default OS is embedded Linux, though, and the clients for it work fine in Linux. I have one, but I'm using it to run Debian Squeeze off a flash drive, and I'm using it as a mail, web and Usenet (leafnode) server.

Re:Pogo Plug?

[TastyCakes]

I have a pogoplug but was not particularly impressed with it. The main problem was that it was super slow. I don't know if it was just my ISP or if it's routing everything through pogoplug servers (I'd heard the latter) but I'd be lucky to get 30kbs on it from a computer on the other side of the city. The other problem is it has (or at least had) a bunch of bugs in it, and the web interface was brutal.
I replaced it with a $100 desktop i bought from the recycling depot and run an FTP and subsonic on it for hosting music. I find this much more effective than the pogoplug was, although maybe if I'd had more patience I could have gotten it to work better. It also allowed me to install tversity to stream movies to my play station. They aren't FOSS, but they are free and I'm very happy with subsonic and tversity so far.

Re:Pogo Plug?

[jeffmeden]

Snap, that deal is pretty good (half off retail) and its getting gobbled up fast (its the no.1 seller on said site today.) See slickdeals for more info.

Re:Pogo Plug?

[just+fiddling+around]

I'm currently moving in that direction, and I will probably get a Guruplug. Same low-power processor, a little more memory, same USB connectivity to a HDD, but with Wifi. I will stuff it in a closet somewhere so if a burglar comes around I will not lose my backups. Plus, there are two interesting distros avaliable offering DLNA and "personnal cloud" functionnality: Tonido and an open-source one.

Tonido

I would say host it yourself. I use Tonido running on a SheevaPlug with a 1 TB USB disk. You can also get the software for x86 running Windows, MacOS X, or Linux. They have apps for BB, Android, iPhone, and Windows Phone 7. You can also remotely mount via WebDAV. And they give you a free dynamic host name, if you want it. My setup is fast enough to stream movies (and it is pretty easy with their web interface.) There is other useful stuff like calendars you can sync via iCal, a torrent manager, and a host for OpenID. There's also less useful stuff like a finance manager, blog, P2P photo sharing, and lousy backup suite.

Are there Dropbox clone for for ordinary webhosts?

[boldie]

I'm using shared web hosting. The webhost provides FTP access, perl, python, RoR, PHP, MySQL,Curl and all the usual stuff and a lot of storage and bandwith. Is there any OSS stuff I can install on the server that have good clients for win, linux and maybe even android?

I must be behind the times

[future+assassin]

People actually have enough time these days in their daily lives to fill up their phones memory/micro sd cards on every day usage? Or is this just people trying to look busy so others think they have somthing going on in their lives.

If you take so many photos you abviously want some quality in the image so why not just get any of the 100's of digital pocket cameras out there?

Re:I must be behind the times

[thebra]

People actually have enough time these days in their daily lives to fill up their phones memory/micro sd cards on every day usage? Or is this just people trying to look busy so others think they have somthing going on in their lives.

If you take so many photos you abviously want some quality in the image so why not just get any of the 100's of digital pocket cameras out there?

I own an Android phone that I use for video/photos when I don't want to bring my DSLR with me. The picture quality is fine for snapshots from my HTC Thunderbolt. Also my phone does 720p video which obviously requires a lot of space. I can see how it is quite easy to fill up your phones memory with video and images.

Re:I must be behind the times

[Mordocai]

People actually have enough time these days in their daily lives to fill up their phones memory/micro sd cards on every day usage? Or is this just people trying to look busy so others think they have somthing going on in their lives.

If you take so many photos you abviously want some quality in the image so why not just get any of the 100's of digital pocket cameras out there?

Well, I would assume that the main reason he wants to use remote storage is in case something happens to his phone. Even if a sledgehammer wielding maniac smashes his phone to bits, he still has his pictures safe on the remote storage.

Re:I must be behind the times

[Atzanteol]

That's okay. It's called "getting old." But the good news is that at some point you'll be so senile that the world will stop being scary and confusing.

WebDav

I use SVN with WebDav. I can mount it on all of my devices, android, ipad, OSX, Windows, and Linux.
I get revision control.

It works incredibly well. I control how secure my environment is as well. While WebDav isnt the most secure, you could setup a VPN and hide it behind a firewall and use encryption.

nephthys

[higuita]

For share with others, a perfect replacement for FTPs i use nephthys. Its based in webdav with a very simple web interface to allow users to share files. It auto expires shared files, so you do dont waste space with forgotten shares.

the git needs a few tweaks to work in a recent debian ( i will send a patch do the developer in a few days/weeks)... the .deb packages didnt worked for me

yet this is a very simple solution and works very in windows, macox and linux

it is almost unknown, but it saved me from thousand of user calls asking for help with ftp problems (clients, access, quotas and transfer)

Missing the point somewhat

[93+Escort+Wagon]

In this discussion a lot of people are totally overlooking the user-friendly aspects of Dropbox, which is really its main selling point (yeah, I realize it's Slashdot). Once set up, the end user doesn't even have to think about it. And the cross-platform clients work well enough that you don't have to really think about whether you're on a Windows box, a Mac, or an Android phone.

I wouldn't use Dropbox for anything sensitive, but it's great for stuff like keeping the family's grocery list. I even use it for some work-related meeting notes (these aren't secure - if anyone saw them it wouldn't cause any issues) - I can edit them on my computer, and when I go to the meeting (or grocery store) they're available on my phone without my having to remember to transfer them beforehand.

All that said - I'd love a equally user-friendly Dropbox alternative that I could host on my own server.

Re:Missing the point somewhat

[edmicman]

Plus you can easily share a dropbox folder with another user, and collaborate on those files. And everything stays in sync there, too.

lipsync!

Here's a project that allows you to self-host a service equivalent to DropBox: http://philcryer.github.com/lipsync/

Incriminating? On the cloud?

[interkin3tic]

If you have incriminating files, why are you storing them on the cloud at all? It seems doubtful that the fourth amendment would protect stuff stored via cloud computing. Maybe it was just an odd choice of words, or not "legally" incriminating, but if physically securing your files is an option, that would probably be better. I have a hard time putting my faith in data storage I can't see. My gut feeling is that for -most- circumstances, a USB drive on your person would be more secure than anything on the cloud.

WUALA

I dont think its opensource but its free, and stores your encrypted data in the cloud via a P2P setup.
http://www.wuala.com

Why not WebDAV?

[DdJ]

Is there a reason not to use WebDAV for this? I know there's a WebDAV server (optionally) built into Tomcat, and I expect that there are others out there. I know there's terrific WebDAV client access from MacOS, Windows, and iOS, and the last time I checked (many years ago) there was adequate client access from Linux if you went looking for it -- I assume the situation on a modern desktop is completely adequate now?

Re:Why not WebDAV?

Funny, I was thinking along those exact same lines, but:

a) with Apache HTTPD DAV + SSL cert; and
b) there has to be a FUSE module for WebDAV

Which would make accessing via Linux trivially easy to set up, maintain, and secure.

Re:Why not WebDAV?

[ebunga]

That would be too simple, use standards, and actually make sense. That has no place in ask slashdot.

rsync

[emt377]

rsync or sftp

Of course, if you have incriminating evidence on your phone/server then privacy won't help much if law enforcement shows up with a search warrant. It's easier to obey laws in the first place to void this particular problem.

Build your own cloud

[flinkdeldinky]

The Linux Action Show in episode s16e10 describes how to ditch Google Docs, gmail, etc. I believe they continue with the project in s17e02

This requires your own server though. But it's all linux based softwares. Pretty cool episode. YMMV....

FTPBox Project

You may try FTPBox... it's in Beta, but is a pretty good Dropbox replacement: http://sharpmindprojects.com/project/ftpbox/

Support?

[mchawi]

Are there any options that would work for internally hosted solutions (your data center not theirs) that would have support?

I have heard this question multiple times, but one of the requirements for some enterprises is to have support. Do any of these products (or similar, open source or not) that include support?

IFolder...

Previously by Novell, now OSS. Clients for Linux, Windows and OSX.

http://www.folder.com/ or straight to sourceforge..

Drop dead easy, with all the ease of use of DropBox and with tons of enterprise-type features for the /. crowd.

sparkleshare

Still not fully ready, but close.

Re:Incriminating? On the cloud?

If you have incriminating files, destroy them. Now. I mean really, why would you hang on to that? To make some silly villain speech detailing your master plan to the cops just as they close in on you?

Alt approach

[MobileTatsu-NJG]

I've skimmed the threads here for alternatives and for various reasons they're not ideal. So I wanted to ask about an alternative approach: What about encrypting each individual file? What about using WinRar or .ZIP and password protecting (and compressing!) the file individually? Preferably something where I could right-click on the file, enter a password, then there's a password-encyrpted file ready to be sent through DB.

Is there a secure solution this way? Is it both PC and Mac compatible?

Re:Alt approach

[gr8dude]

There is, take a look at Keeper:
http://lazybit.com/index.php/2009/08/13/keeper-4-0-preview

Here are the current binaries:
http://dl.dropbox.com/u/3258602/DK-release/Keeper-dusk-x64.zip
http://dl.dropbox.com/u/3258602/DK-release/keeper-dusk-x86.zip
http://dl.dropbox.com/u/3258602/DKbeta/Keeper-mac.zip

I can give you (or anyone else who gives it a try and provides some feedback) a free license, if you like it.

SSH

[munky99999]

1. Get a cheap VPS.

2. SSH -> sshfs for linux or expandrive for windows.

3. Have a folder named public in the folder you sshfs. Have that be the root of your webserver directory.

P2P File Sharing Networks already do this

[CLaRGe]

A solid open source offering should not be based on the cloud, but based on a P2P model, because cloud storage is too centralized a model and someone will have to pay for it. P2P file sharing has been providing DropBox-like functionality for years. But both the smarmy reputation and the lack of file system integration left an opening for DropBox.

Re:P2P File Sharing Networks already do this

[MikeBabcock]

Something similar to Freenet but more lightweight would be interesting, creating true cloud storage distributed among all the users of the software.

iFolder, and no, it's NOT apple

[perotbot]

ifolder, from Novell, but open sourced now. secure and encrypted and you can make it as big or small as you want. And it has a web interface..... ifolder.com

Re:iFolder, and no, it's NOT apple

[yarnosh]

Well there you go. That sounds like a winner. Though I'm not sure if people are hoping for the storage part to be "open source" as well. Obviously that would be a lot to ask for, but who knows. Maybe some people don't understand that storage is not free.

Re:iFolder, and no, it's NOT apple

[perotbot]

storage is never "free" (in terms of beer or speech) but rolling this onto your own Amazon boxen might not be a bad idea

RSync, of course...

[Anaerin]

You can use rsync for this. And if you want it more complex and fully automated, you can add lsync to automatically push local changes to the "Master" server, and a post-xfer-exec script on the "Master" server to push changes back out to the other "Slave" servers (If they're connectable). I'm intending to put this in place for a multi-way (3, in this case) sync system myself.

WebDAV and App Syncing

[Zott]

This may or may not be helpful.

I have my own server running WebDAV. It's "stock" Apache, the DAV module is included. A couple of people have mentioned Subversion, but of course that overlays functionality that may not be necessary or practical. DAV is fairly simple, and dedicated to supporting an essential set of semantics for accessing files.

The reason this may not be useful to you is that my primary use of the server has been as my "remote" fileserver, for Mac and Windows clients. In some sense, it'd be easier if I wanted to set up CIFS (Samba) or AFP (Apple), but neither of these work all that great when you have significant latency, which is the case if the server isn't right there physically to where you're working. Many iOS apps have taken to being written to directly talk to things like Dropbox, or WebDAV. That may not be true about the Android Apps that you care about. I agree with the premise that Dropbox doesn't give a warm fuzzy security feeling, though the functionality is very nice.

Setting up WebDAV on Apache, secured with TLS, isn't all that difficult. The protocol works well in a high-latency environment. The one technical issue that I've found is that there aren't good solutions for access control - it's not easy to set up multiple user accounts for one server and enforce separate access for those users. I've looked at a few kludges but nothing that seems satisfying.

Depending on your specific need, though, don't rule WebDAV out.

How about encrypted zip files for the secret stuff

[wernst]

Surely not *everything* in your Dropbox folder is private and sensitive? Sure, your Excel spreadsheet with last years' taxes are, but your vacation photos?

For those few files I have that I consider sensitive, I just zip them up with a long/strong password and use encryption. There are a few Android apps that can deal with these zip files, and I know all my desktop OSes can.

Syncany

Another OSS Dropbox-like software: www.syncany.org/. They have an interesting architecture and the project looks compelling. They've got some ways to go, but it looks very promising.

You encrypt it yourself

[nedlohs]

So the privacy/etc policy of the provider doesn't matter in the slightest.

Treat it as a world readable file, doing anything else is being retarded.

You can't have it both ways

[A+nonymous+Coward]

If you know enough about security to deal with SELinux, you can't have been surprised to find that Dropbox employees, and NSA/CIA/FBI with Dropbox-supplied access, can read your files. Regardless of whether they are encrypted by Dropbox while on the Dropbox servers or not, there is no other way they could send and receive arbitrary files without this capability. Either you are pretending to know nothing about security, or pretending to know something.

Re:You can't have it both ways

[BitZtream]

Or, you can encrypt on the client and send only encrypted data to the servers which prevents the servers and the owners from getting at your data while still maintaining the same service offering.

Its not even a little bit hard, it just requires a clue. A clue both you and Dropbox are missing, but a clue none the less.

Stop pretending you know about security and encryption, and PLEASE stop telling others about how it MUST work when you clearly have no clue.

Re:You can't have it both ways

[AvitarX]

They need to be able to distribute the key too though, as the web interface allows a log-in from everywhere.

It could I suppose generate the key client side, then encrypt the key with the password, then send that to the server.

I don't know how much can be done in pure HTML, but it sounds impractical to have the web interface without using some sort of applet on the client side for file browsing and decrypting, is it possible to decrypt a download using only HTML/JS, how about the file browser itself (though meta data could be sent separately from the client and stored unecrypted).

I think it would alter the nature of the product significantly if all data was stored that way (applets on web browsers, or no web browser), though, an option for a secure folder that was inaccessible by web would work well, as with an actual application you could do whatever you wanted.

I think any user that has seen this page should know they can access your account (even if the software they wrote doesn't let them at the moment, the pieces are there).

https://www.dropbox.com/forgot

the storage of a

Use Truecrypt

[Gailin]

Just place a Truecrypt file in Dropbox. Encrypt the heck out of it, and use that for storage and syncing. It doesn't take much longer, and leaves you with a warm and fuzzy secure feeling :) Since Truecrypt runs in portable mode, you can just put the Truecrypt files outside your encrypted storage and access it anywhere you can get web access. I put anything I want to secure in my Truecrypt file, things I don't care about (music, video, some pictures) I just use Dropbox normally.

Re:Use Truecrypt

[bhima]

This is an incomplete solution because it makes it very difficult to share files to unskilled users.

Re:Use Truecrypt

I had heard that dropbox syncs truecrypt correctly by sending only the changed parts of the container, but I have the latest version of both, and every time I dismount my TC volume it starts reuploading the entire file (480MB).

This may have something to do with my Windows configuration, as I've disabled some filesystem features and logging abilities, but considering dropbox is cross platform I doubt their client relies on windows/ntfs features

Re:Use Truecrypt

[gutnor]

Something I was wondering. Does that work really well, from a network transfer point of view ? I was under the impression that a TrueCrypt file (like a 2 GB disk) would change significantly for even a small change ?

For OSX users, there is also the option of using a compressed (encrypted) sparse image. It is a little less secure than TrueCrypt (only 256 bit AES) but it will split the file in chunk of 2MB. (OK, it also lacks plausible deniability and other features, but for the purpose of adding client-side encryption to Dropbox, that does not matter)

Re:Use Truecrypt

[Acutus]

A better solution for encrypting Dropbox content is using BoxCryptor (Win) + EncFS (Linux + Mac). Those are file-by-file-encryption tools which encrypt each file individually. No network overhead and you can still use features like file versioning or undeletion.

http://www.boxcryptor.com
http://www.arg0.net/encfs

Re:Use Truecrypt

[alienoide]

Use pwgen to generate secure passwords, e.g. pwgen -sy 128 1 > mypassword.txt Use steghide to protect the password. Of course use a very large mp3 or jpg. Truecrypt is a wonderful client-side encryption tool.

Re:Use Truecrypt

[gr8dude]

What is the size of the encrypted image?

The trouble is that it will indeed take a lot of time to sync, even if the changes are insignificant; but since you say it doesn't really bother you.... Hmmm. Is your image less than 100 MB?

Files locked and backed up

[Comboman]

I believe that the file is locked while updating. This is only really an issue if you are using Dropbox collaboratively (i.e. two people making changes to the same file at the same time), but even then Dropbox saves older revisions of files SVN-style so you can rollback to a previous version if there are problems.

By the way, if anyone doesn't already have a Dropbox account, if you use my referal link we can both get an extra 250MB of free storage space.

git/cvs

what about git or CVS, i keep all my important files last 6 years in cvs.

Syncany?

Syncany

Open source with versioning, client side encryption and file manager integration.
Backend support: FTP, IMAP, Google storage, S3, Rackspace cloud files, WebDAV, Box.net, SFTP/SSH

Re:Incriminating? On the cloud?

You just committed conspiracy to obstruct justice in many jurisdictions by advising someone to destroy incriminating evidence.

pogoplug

get a pogoplug

Spideroak

[water-and-sewer]

I use Spideroak and like it. I'm actually surprised no one else has mentioned it; it's even present in openSUSE repositories and possibly Ubuntu as well. It's not opensource but it works great, has full data encryption, and runs on Windows, Mac, Linux. You get 2GB free. I use it only to mirror my dotfiles and a couple of other key docs, and I'm well below the limit, so I don't pay. You can sync files across computers, and make others available from a publically-accessible web page.

No complaints from me. I do wish they offered the "send us an email and $5 and we'll email you a burned CD of your files" thing, but so it goes.

Cyphertite

I am using a new service call Cyphertite (https://www.cyphertite.com).

They have an open source client that compresses and encrypts my data, THEN sends it to their servers. Even they cannot read my data, which is a nice alternative to a lot of the fakes out there.

So far, their beta works great. Full backups and differential backups are smooth. Plus it works over IPv6. Who else does?

Only Part of the Question

[bhima]

Asking what is an alternative to dropbox is only part of the question.

The whole question is what is an personal & private alternative to "the cloud".

Eben Moglen's FreedomBox effort is part of the answer but I am not aware of a more complete solution.

A New Dropbox Clone (called Asink)

[aclindsa]

I've been working on my own Dropbox clone. It seeks to address some of the problems I've found in the other open source Dropbox clones which cause me not to use them:

- No using git. Git is fantastic for text files, but not for binary files. I want to be able to drop lots of pictures. (rules out Sparkleshare)
- Must sync files between multiple computers nearly immediately, without running synchronization manually, or setting up a rsync cron job. (I.e., if I update a config file on one computer, I want to be able to go into the other room, and have it Just Work. This seems to rule out Syncany - but someone correct me if I'm wrong. Also, ownCloud doesn't have client other than the web client, so they can't do the nice sync like Dropbox's).
- Support multiple storage mechanisms in a "plug-able" way. This also means encryption will be extremely easy to add. (ownCloud doesn't seem to support any storage other than locally on the main server)
- No bloat! All I want is to synchronize my files, nothing more (ownCloud).

For now, I've been calling it "Asink" (for both "asynchronous" and "a sink" for your data). I'm doing development at https://github.com/aclindsa/asink. I am close to having it working with storing files to my personal server over SSH, but it will be a few more weeks before I think its ready for a first public release, as I only made the first commit a little over a week ago.

Re:A New Dropbox Clone (called Asink)

This looks like it could be really great!

cloud security

Sure you can encrypt stuff, but other fates can befall your data than someone else reading it. E.g. the cloud hoster could just toss it, at the request of

There isn't or you should rephrase your question

[amn108]

First you mention how the cloud shouldn't be trusted and then ask about alternatives to DropBox?

The essence of DropBox IS cloud! WIthout the cloud, it's just a storage box (no pun intended) you connect to via a file transfer protocol variation, perhaps also on top of a shell integration of some sort. Given how you want a Linux backend, why don't you simply register with www.hetzner.de to get yourself a quad-core 8Gb RAM bare-metal Internet-connected server with plenty of hard drive space for 50â a month and do with it everything you like, including setting up that file transfer protocol of your liking so that you can store whatever you want on it, however you want. If you want the de-facto gratis option, just share the box with 50 people - paying 1â each for substantially improved privacy plus some spare generic CPU-cycles is good, no? Versus Dropbox I mean, which I agree with you kind of sucks in a way cheap chinese toys do.

That said, good luck! I know this was chosen posted here to kickstart a debate rather than fish out THE ANSWER - the question was "rhetorical" :)

Anybody mentioned Melissi already?

Yet another upcoming FOSS alternative to Dropbox, called "Melissi" (http://www.melissi.org)

TeamDrive - you can host your own private Server!

http://www.teamdrive.com/
pros:
- its encrypting client side
- you can host your own server in your intranet or on your own public server
cons:
- its proprietary
- the clients cost money if you need more than 2GB

CloudFS

[wytcld]

Instructions to "Build Your Own Dropbox Equivalent." CloudFS is an offshoot of GlusterFS, which is not quite ready for prime time, but getting damn close. So you'd be cautioned about trusting corporate data to this setup. For less vital stuff, it should work well.

Re:CloudFS

[Salamander]

(NB: I'm the founder/lead for CloudFS)

Thanks for the mention. To be quite clear on this, the at-rest encryption that's currently in CloudFS is not as secure as we'd like it to be, or as secure as it will be when it's released. To put it another way, it's more secure than Dropbox or Jungledisk have proven to be, it's probably more secure than a couple of dozen other similar cloud-storage options (it's hard to tell since so many are not open source), but it does have flaws. To be more specific, it's secure against inspection by someone who only has the ciphertext - such as your cloud provider. However, it is not secure against transparent modification (flipping a bit in the ciphertext flips the corresponding bit in the plaintext). Also, since it's currently CTR-mode encryption, if someone has both ciphertext and plaintext for the same part of a file then that part of the file becomes readable from just ciphertext thereafter. These flaws are not acceptable; the current code is only a stopgap. This is exactly why I made the point on Twitter recently that even the strongest ciphers with long keys can still result in weak protection if used improperly. I'm sick of seeing cloud-storage providers crow about how strong their transport encryption is but say nothing about on-disk encryption, or mention using "military grade AES-256" on disk but say nothing about how. Worst of all are the ones -who require that you give them keys - which for all you know will be stored unprotected right next to the data.

The good news is that I've been consulting with some real crypto experts - I admit I'm not one myself - on this. We've worked out a block-based scheme that all involved believe will address the above flaws, while also handling concurrent writes correctly (something most "personal backup" alternatives fail to do). The performance cost is more than I'd like, but I think it's no more than necessary and the parallelism inherent in the underlying system should still yield more-than-adequate performance. I've already begun implementation, and will fully disclose all the details once I get a bit further along.

Dropbox clone, lipsync

http://philcryer.github.com/lipsync/

But with regards to "not liking dropbox", what's the problem with storing encrypted files? Is this some "dropbox is not cool now" phase?

Tonido Plug

[Excelsior]

Tonido plug is an open source wal mart server, similar to PogoPlug. I've never used it, but it sounds like exactly what you are looking for. FLOSS Weekly had a nice episode on Tonido. They have web, iOS, Android, and BlackBerry clients and are completely OSS, including the server and clients.

Re:Tonido Plug

[michaelbuddy]

people should know that tonido works cross platform on the desktop and servers of course. I think this would be maybe more helpful if they wanted to load it on a home box. I was thinking I'd create a home server with the open source Amahi software on an ubuntu or fedora setup, and load the tonido plugin extension into Amahi.... by plugin I mean the software addon not the actual plug device.

Re:Incriminating? On the cloud?

[interkin3tic]

Wouldn't that require specific knowledge of the crime?

Wait, am I applying common sense to laws?

I's say even plain email is more secure than dropb

[dbIII]

Just plain rsync over ssh then if you don't want any of the extra control an SFTP client gives you. Why are people pretending that dropbox is anything special instead of just a crappy workaround for email attachment size limits?
Yes I know about dropbox and that how they tired to reinvent FTP and managed to get even worse security - you can't even change a password to keep a former employee out of a work dropbox that's how stupidly broken it is. Do a search of articles on slashdot about dropbox and you can learn more about it than you would ever want to know.

for those who already know about it

There's one called Freenet. It's not very reliable, but you could host anything you'd want there. /obviously_joking_but_i_had_to_say_it

Tahoe LAFS

Distributed, Encrypted, Open Source, Least Authority FS
http://tahoe-lafs.org/trac/tahoe-lafs

Re:I's say even plain email is more secure than dr

[MobileTatsu-NJG]

Why are people pretending that dropbox is anything special instead of just a crappy workaround for email attachment size limits?

All those people have something in common: They used it.

encfs

[bluegeek]

The trick is encrypt everything you sync in Dropbox. This can be done transparently. I use encfs and I only sync the encrypted directory to dropbox. I use this solution in my linux, windows and OSX machines. http://www.arg0.net/encfs http://wiki.dropbox.com/TipsAndTricks/IncreasePrivacyAndSafety -- blue

Re:I's say even plain email is more secure than dr

[dbIII]

I've had something better for longer than it has existed so why should I use it?
I have seen it in operation. I've seen people attempt to use dropbox when the dropbox server has been telling them to wait for access to their service and have instead told them how to use something that is immediately available. I've also looked into the service and seen that it is unsuitable for anything that you wouldn't want reprinted in a newspaper - so not even as good as email with large attachments allowed. In an environment where you have multiple clients that are in competition with each other it's a showstopper since it only takes a minor stuffup on the part of the user for them to have access to files intended for someone else.
Let's face it, they tried to replace a thirty year old program and failed so badly that you can't even cut off somebody's access by changing a password but it makes it look as if you can.

iFolder!

http://www.kablink.org/ifolder

Syncany: opensource+local encryption+backends

[catchmeifyoutry]

Another interesting open source alternative that is currently under development is Syncany: http://www.syncany.org/ . Two advantages over most of the alternatives are: - local file encryption - support many different backends, such as SFTP/WebDav/Google Storage/etc.

Re:I's say even plain email is more secure than dr

[MobileTatsu-NJG]

I've had something better for longer than it has existed so why should I use it?

So that you know what 'better' actually means.

Dropbox is better than you

I can tell you that even if you are using secure software to perform your file synchronization, you probably don't have the experience necessary to secure the platform. After that, security is a moving target, so you won't have the experience or commitment necessary to effect policies, audits, and other necessary security maintenance. After that, you will not have the high redundancy and high data survivability that comes with a commercial datacenter.

"Cloud" solutions are simply more secure than what a single person can put together. Perhaps they are a bigger target than your individual system, but they are much more secure.

That said, the easiest thing to do as others have mentioned is a VPS for $20/mo and then run SSH mapped to the client's filesystem. I've used this solution for years. Works great.

Focus on RISK, not security

[davide+marney]

Dropbox isn't just a "cloud" app; it spans both cloud and local platforms. Every PC you setup with Dropbox is a local backup copy. Even better, you can selectively partition your repository onto different machines. And, Dropbox keeps a rolling history of every file, going back a month.

Dropbox makes your data thoroughly pervasive and robust, with a minimal amount effort. The risk of data loss is much, much greater than the risk of being hacked. How many times have you lost a hard drive? Or accidentally deleted an important file? Or had your computer stolen? These things happen all the time, and they are very debilitating.

We ought to be practical and focus on the real risks we're likely to face. Much as we would like to think we're important enough to be a LulzSec target, the reality is we're all pretty boring, data-wise.

Re:Focus on RISK, not security

Who cares about LulzSec? I'm concerned about DROPBOX accessing my files.

Re:Focus on RISK, not security

We may be boring, but hackers like lulz do broad sweeps at times... and seem to get jollies mass releasing random info to the public, like the current email&password breach. It may be moronic to use the same pw on writing site as your bank, email, work or other places, but, all to often it is true. Those people on that list are in serious jeopardy of ID theft or worse.

I simply cannot justify keeping my personal data synced into an environment like dropbox. It is a dataminer's dream... Your tax returns, bookmarks, web history, named photos, and other seemingly useless, innocuous stuff can be worth it for them, and, in some cases, massively embarrassing or lead to being fired from work, divorced, or otherwise ostracized.

"Put nothing on the internet you wouldn't want everyone to see" is a great adage, but, I suppose some people like posting their weiners... So, really it's all relative.

What has OS ever done for us...

[itsdapead]

...apart from Sendmail, the Berkeley TCP/IP stack, the original httpd (and then Apache), BIND... the infrastructure of the whole fracking Internet really.

Having a kernel to run the GNU tools on is handy, as is having a free, industrial strength C/C++ compiler.

What they've done for the non-technical user is a bit of a harder one, though.

Re:What has OS ever done for us...

[CharlyFoxtrot]

Basically the whole internet infrastructure was developed before there was even a FOSS movement as such, I count it more as proto-OSS. But yes, that was a rare instance of open sourced software taking the lead and look where it got us ! I just which the big brains did things like that more often.

Re:What has OS ever done for us...

[obscuro]

Don't forget Torrents.... When was that closed source?

lipsync

[fak3r]

as others have stated, checkout lipsync, https://github.com/philcryer/lipsync in the interest of full disclosure, this is my project, but I've gotten great help and feedback from the community. while I don't have the GUI goodness of something like 'sparkleshare' I'm focusing on the backend with Linux, osx and eventually windows as client options. The issues that have arisen since we started this just bolsters my original intention, so come on, download it, try it out, and point out how bad it is! I'm all for making it better!

Freenet

Secure, distributed and reliable, free, encrypted; what else could you want? It's a lousy nntp-replacement but it makes a great dropbox.

What about ifolder?

What about ifolder?

http://www.kablink.org/ifolder

Its old but until Sparkleshare is ready I see it as the only option that puts you in control of your data.

OwnCloud + own server/hosted server

I would never touch dropbox (or Ubuntu one in other hand) as they are never secure enough.

Instead I would install OwnCloud (F/OSS) to own server or my rented server where I can really transfer all data encrypted on my computer.
http://owncloud.org/index.php/Main_Page
http://owncloudtest.blogspot.com/2011/06/getting-your-owncloud.html

And there is Google Summer of Code project to make a Android client
http://www.google-melange.com/gsoc/proposal/review/google/gsoc2011/mtgap/1

Any corporation what are privat or for profit will never offer any cloud services secure enough no matter how much they market how "secure" it is.

The OwnCloud project was started by author of opendesktop.org and its sub-domains like kde-look, kde-apps, gnome-look and so on.

And OwnCloud + Diaspora + own server is great combination

Syncany

[merick]

Syncany (http://www.syncany.org/) aims to be exactly that (Dropbox replacement). It has a Linux and Windows client. It supports syncing to a number of services and encrypts *before* going over the wire.

It is a young project, but developing quickly. It's one I "have my eye on".

The Ubuntu UK Podcast interviewed the creator. Check it out. http://podcast.ubuntu-uk.org/2011/05/25/s04e07-powerslave/

You can use a variety of file stores. Some very unconventional:
* Local Folder: uses any local folder as storage. This could be any mounted device, network file systems (NFS), or any virtual file system based on FUSE.
* FTP: uses an FTP folder as remote repository.
* IMAP: uses an IMAP folder as remote storage. Stores file chunks as e-mail attachments.
* Google Storage: uses a bucket in the Google Storage service as repository.
* Amazon S3: uses a bucket in the Amazon Simple Storage Service as remote storage.
* Rackspace Cloud Files: uses a Cloud Files container as remote storage.
* WebDAV: uses one folder in a WebDAV as remote storage.
* Picasa Web Albums: encodes the file chunks in images, and uses a Picasa album as repository.
* Windows Share (NetBIOS/CIFS): uses a Windows share as data repository.
* Box.net: uses a Box.net folder as data storage.
* SFTP/SSH: uses an SFTP folder as data storage.
* more to come ...

A good option when wanting full control.

Dropship?

[ClickOnThis]

I haven't used it, but I recall hearing it mentioned awhile ago on /. in connection with Dropbox's alleged (?) attempt to shut it down:

http://razorfast.com/2011/04/25/dropbox-attempts-to-kill-open-source-project/

SparkleShare uses SVN for the dirty work...

[sweet+'n+sour]

Since SparkleShare uses SVN for storage, understand that it will never be binary friendly. I tried getting it to work with my schoolwork archive and it choked on some of the larger files I had.

Re:SparkleShare uses SVN for the dirty work...

[TooMuchToDo]

Argh. It should be using a light version of MogileFS or Walrus for storage.

http://danga.com/mogilefs/

http://open.eucalyptus.com/wiki/EucalyptusStorage_v1.4

The CODA File system

[hAckz0r]

With Coda the file sync is automatic and even allows for off line modification of documents. When reconnected Coda will sync any modified documents with the replication servers, running on your machine(s). The communications are always encrypted, and there is no reason you couldn't just encrypt the files in that Coda disk volume if you want to be extra extra sure. A number of OS's support Coda (e.g Windows, Linux) and there is no reason that I know that OS's like IOs or Android couldn't be made to do so also.

Its been many years since I listened in on the dev groups so perhaps someone else knows how stable it is. The dev website still says that the development group had been using it for a long time with absolutely no data loss.

http://www.coda.cs.cmu.edu/ljpaper/lj.html

Email

[kikito]

Host an email account on your own server IMAP access, and store files by sending them to yourself. Depending on your client, you can arrange the emails in files/folders/tags.

If you are comfortable with using gmail (probably no, but hey, information is free) you can use GMailfs and mount a http://sr71.net/projects/gmailfs/ . I haven't used it myself, I don't know if it's any good.

I couldn't find a working "general mailfs" system, which kindof surprises me.

Git

[npsimons]

I use git, which uses SSH by default, and since I already had SSH keys setup, it works pretty smoothly. Someone suggested staying away from git because you can't purge old versions, but that's a feature in my book. As for Android, I do not know what git support is like, but it works great on my N900, laptop & servers. Automatic merges, versioning, fully distributed repos and more just makes it nice. I don't know about GUI support as I don't need it, but automating it shouldn't be hard. Would make for an interesting project to slick it up and replace time machine & drop box in one swell foop.

WebDAV

[michelcultivo]

I've done some tests with WebDAV and it seems to be on the right way to let you store documents on your server (I hate the word cloud) and access it everywhere, you can use Linux, Windows, Android and iPhone/iPad. But you need a dedicated server (or VPS). Bye

melissi

Melissi is under development but its a quite promishing cloud storage platform. Build using Python, Django and Mongodb on the server side, twisted python on the client side. Linux clients and server soon to be released.

Read more at http://www.melissi.org

lipsync

[jerome83]

Check out http://fak3r.com/geek/howto-build-your-own-open-source-dropbox-clone/ and the resulting project https://github.com/philcryer/lipsync

Syncany

The Syncany project is still very young, but looks very promising: http://www.syncany.org/

I could open source mine...?

I'm the author of shmego.com, its a beta commercial product but large chunks are already open source (eg milton webdav, berry micro server and geroa email server) and i'm thinking of open sourcing the rest, ie the desktop app and the server. It would piss off by business mentor and wreck the IPO, but could be fun!

The desktop app is java based so runs on linux, macos and windows, although the installer is windows only at the moment.

The server can use cloud storage (s3 or rackspace) or a conventional filesystem, so you could run your own at home or setup your own cloud instance. It supports sharing and facebook integration, and I'm working on a federated sharing system.

Mobile access is via third party webdav apps (there's heaps) and we've got a little photo uploader which is being developed further to support video and audio files.

Anyone interested?

Brad

Why is developing alternatives so hard?

To me, it doesn't really seem that hard to develop an alternative to Dropbox and even host it in the cloud securely if you wanted to:

1. Develop a cross platform solution that encrypts *everything* in your sync folder using a secure password and AES-256 encryption (or encrypt to the users public key).

2. Upload that (those) files to an FTP server. You might want to develop a nice web based front end to allow for easy management but you wouldn't have to.

3. Make it sync on every computer the software was installed on.

Not too hard. Could do something like this in less than a week in a language like RealBasic or Python. Why is everyone finding this so damn hard?

You could also check Melissi

[elkosmas]

Well if you are interested in an opensource cloud storage platform you could check out http://melissi.org/ it's still under active development so it might be useful to check it's source https://www.github.com/melissiproject

Something with WebDAV

Just use WebDAV for your storage.
There are a lot of hosting services that allow webdav access (mydrive.ch is a very good one) and can be used on all existing platforms

Looking at Spideroak right now

[leftie]

On first glance, it looks like what the original request is looking for. Thanks for sweet utility site tip, water and sewer ;)
Someone give the Spideroak tip some karma.

https://spideroak.com/

Re:Looking at Spideroak right now

no, he requested something that is not cloud storage,(ie anything online, not under your control). ifolder is more inline with the original request

I wish for this too, but found nothing

[maxbash]

I support a District Attorneys Office and have been seeking a secure way to give electronic files to defendant attorney in the "Discovery" process. The files would have to be securely stored on own servers. Looked and looked for a Dropbox like system, concluded that we would have to roll our own. The Web Programmer rejected it, saying he couldn't devote the time needed to do it. Now we are just going to setup a SFTP server with take on all the fun end user support we will have give.

overthinking it

remote SSH server + sshfs on the client machine = win

Re:I's say even plain email is more secure than dr

[dbIII]

It didn't take you very long to run out of actual points and resort to insults did it? Did you even bother to read anything beyond that first line?

Re:I's say even plain email is more secure than dr

[MobileTatsu-NJG]

I didn't need multiple points, just the one. Did you have a rebuttal or a question?

A good question...

[matthewv789]

Maybe this isn't the use case of the original poster, but here is the situation that I expect most corporations face:
- Need to share files across the company or workgroup
- Files on individual workstations need to be accessible when offline from server
- Files on individual workstations need to be encrypted (in case laptop stolen, etc.)
- Need various group-based permissions for files belonging to different projects etc. (then add users to appropriate groups)
- History, version control, etc.
- Secure data transmission between client and server
- Server repository encrypted (and if on a hosting service, needs separate key from other customers); preferably able to install server software on own hardware for full control/privacy (and possibly keep within VPN)
- Client software fully supported on Windows and Mac (and preferably Linux, smartphones)
- Dead easy to use - just open and save files in the mirrored drive/directory and they sync/version automatically
- Bonus: shareable links (to files or folders), maybe sends an email containing the link. (Best to have tracking of when, by whom and with whom the file is shared, and policy control over whether allowed for certain files/folders/users, plus maybe expiration time on the link)
- Another bonus - web service to view files where you don't have the application installed locally

I haven't really evaluated them, but Spideroak and Sycplicity might be the closest that I've seen.

Apache + mod_webdav+mod_svn+mod_ssl

[BitZtream]

mod_svn being optional, if you want versioning.

Throw Apache on a Linux VM at some datacenter, use webdav clients to connect to it via SSL.

If you want, you can use an encrypting file system with your own key entered manually on startup, but if they drop it in a VM with or without your knowledge, they could certainly snoop your key and still decrypt it, but it'd certainly take more knowledge and effort than most of these places are going to have.

WebDAV support is fairly common, so you're likely to find apps that can use it much like those that use Dropbox.

If you want offline availability, well its a little more complicated, but not by much.

syncness

One of my best friends wrote an android app called syncness that uses samba/cifs over wifi to sync any data (mainly music). As others have said, use this to sync an already encrypted file. It already supports dropbox, but you don't have to use it. Scaling would be a problem, but with this you can use any cifs share you can route to.

DVCS Autosync

Dropbox alternative based on Git.

http://mayrhofer.eu.org/dvcs-autosync

Personally, I use OwnCloud (which is WebDAV) and I have versioned backups done by the server.

Use your SD card

[MyJobSux]

Im at the point where i dont trust android. The problem is its a necessary evil if i want to use a smart phone. I dont want a windows phone, dont want BB and HP epically failes to bring crap to market. If you DID want to store crap id suggest setting up SSH on a nix box and use that.

BBOX... another DropBox alternative

BBox (on github: https://github.com/bakulf/bbox/ ) is a DropBox alternative written in Qt/C++ based on SVN.
No web or mobile support ATM but it can be compiled on linux/max/win.

jupiter broadcastings solution

[mshenrick]

http://www.jupiterbroadcasting.com/8506/build-your-cloud-pt1-las-s16e10/

The only truly private-securing OSS "cloud" system

... Is the freenetproject (.org). It's older than "cloud" computing, but that's exactly what it is.
Massive, decentralised, *secure*, data storage. It's kinda similar to bitcoin, in a way. But it is very slow and can't be accessed straight from a web browser - it's P2P, so in order to "connect" to the network, you have to be willing to host a chunk of "anonymous encrypted" storage.

Google or Hotmail

Hey guys who are suggesting using google or any other cloud platform, do you think that they cannot access your files, emails, images? Of course they can!!

Truecrypt

Simple: make an encrypted volume with Truecrypt and sync it.
That way you have client-side authentication.
Use pwgen to generate a secure password. I like the -sy option and about 128 characters.
Store the password in a large MP3 or JPG with steghide.

If you don't trust others, trust yourself.

Forking iFolder? making it work as P2P?

[Mig]

I wonder why noone has ever though about forking iFolder, remove its ".Net"/Mono dependencies and integrate it into Gnome. If you add some P2P and Crypto working capabilities to share big files with friends it would be great. The idea is simple, the original code is tested and opensourced, however it has never gained enough traction to work. I wonder why.

Personally, I had the chance to test it some years ago and it totally felt like a "private dropbox", however the server side it is totally linked to Novell products and installing it in Ubuntu/Debian/RedHat/CentOS is more than painful (if not almost impossible).

OTOH, when what you want is a dropbox replacement, you want it to work seamlessly and automatically ... rsync/unison are not alternatives to this unless coupled to a daemon that manages them. It's how I do it now and, although it works, it's not the same thing.

My 2 cents.

tonido - app for your PC or server

[michaelbuddy]

I'm thinking Tonido is the best for this right now. I'll tell you why. Because like dropbox you can access your files remotely. It has a backup app plugin, so the syncing would take care there.

And for photos, which dropbox handles really well, Tonido also handles. It creates interactive photo gallery by auto-creation of thumbnails and a javascript based slideshow viewer. Includes ability to download full res, as well as a zip of the directory.

You can assign users to view and be able to download, to enable the sharing. It's pretty simple.

Now, if you had the right host, like a VPS, maybe you could load tonido, so it's an always on dropbox that you own. I dig it. I need to use it more. Unfortunately from work, I can't access my home box even with tonido because my work's network blocks acess to the port that tonido uses, like port 10000 something... you can look it up. But there's an iphone, android app.

I could say more. I need to blog about this probably just to reach out to a few others. I've purchased the pro plugins for it, because they were good, but if I had a tonido plug it would come with those.

why the bad rap on security/privacy for cloud

[bmullan]

why do people keep saying -- "anybody concerned with security and privacy will most likely not touch it with a 10-foot pole."

In ANY IaaS SP's architecture its up to the organization that utilizes that IaaS cloud to implement security ... just as they would have to do if it was their own datacenter.

If you do a crappy job with firewall, access lists, user accounts/password mgmt etc in the IaaS cloud you would probably do the same crappy job in your own datacenter.

Over just the past few weeks there have been any number of company's that have been hacked ... in their own datacenters.

Poor security implementation no matter were its at always is susceptible to failure & breaches.

Now if some company say.. Dropbox... does a poor job implementing their security process/policies on AWS... its not AWS's fault for that it would be DropBox's responsiblity. Those servers in an IaaS are configured BY those customers NOT the IaaS Service Provider.

TRUTH ABOUT JEWS FROM THEIR TALMUD

http://www.waylanderskeep.com/2009/12/jewish-talmud-quotes/

Goyims, Gentiles, and Akum are anyone non-jewish.

===

1. Sanhedrin 59a: "Murdering Goyim is like killing a wild animal."

2. Abodah Zara 26b: "Even the best of the Gentiles should be killed."

3. Sanhedrin 59a: "A goy (Gentile) who pries into The Law (Talmud) is guilty of death."

4. Libbre David 37: "To communicate anything to a Goy about our religious relations would be equal to the killing of all Jews, for if the Goyim knew what we teach about them, they would kill us openly."

5. Libbre David 37: "If a Jew be called upon to explain any part of the rabbinic books, he ought to give only a false explanation. Who ever will violate this order shall be put to death."

6. Yebhamoth 11b: "Sexual intercourse with a little girl is permitted if she is three years of age."

7. Schabouth Hag. 6d: "Jews may swear falsely by use of subterfuge wording."

8. Hilkkoth Akum X1: "Do not save Goyim in danger of death."

9. Hilkkoth Akum X1: "Show no mercy to the Goyim."

10. Choschen Hamm 388, 15: "If it can be proven that someone has given the money of Israelites to the Goyim, a way must be found after prudent consideration to wipe him off the face of the earth."

11. Choschen Hamm 266,1: "A Jew may keep anything he finds which belongs to the Akum (Gentile). For he who returns lost property (to Gentiles) sins against the Law by increasing the power of the transgressors of the Law. It is praiseworthy, however, to return lost property if it is done to honor the name of God, namely, if by so doing, Christians will praise the Jews and look upon them as honorable people."

12. Szaaloth-Utszabot, The Book of Jore Dia 17: "A Jew should and must make a false oath when the Goyim asks if our books contain anything against them."

13. Baba Necia 114, 6: "The Jews are human beings, but the nations of the world are not human beings but beasts."

14. Simeon Haddarsen, fol. 56-D: "When the Messiah comes every Jew will have 2800 slaves."

15. Nidrasch Talpioth, p. 225-L: "Jehovah created the non-Jew in human form so that the Jew would not have to be served by beasts. The non-Jew is consequently an animal in human form, and condemned to serve the Jew day and night."

16. Aboda Sarah 37a: "A Gentile girl who is three years old can be violated."

17. Gad. Shas. 2:2: "A Jew may violate but not marry a non-Jewish girl."

18. Tosefta. Aboda Zara B, 5: "If a goy kills a goy or a Jew, he is responsible; but if a Jew kills a goy, he is NOT responsible."

19. Schulchan Aruch, Choszen Hamiszpat 388: "It is permitted to kill a Jewish denunciator everywhere. It is permitted to kill him even before he denounces."

20. Schulchan Aruch, Choszen Hamiszpat 348: "All property of other nations belongs to the Jewish nation, which, consequently, is entitled to seize upon it without any scruples."

21. Tosefta, Abda Zara VIII, 5: "How to interpret the word 'robbery.' A goy is forbidden to steal, rob, or take women slaves, etc., from a goy or from a Jew. But a Jew is NOT forbidden to do all this to a goy."

22. Seph. Jp., 92, 1: "God has given the Jews power over the possessions and blood of all nations."

23. Schulchan Aruch, Choszen Hamiszpat 156: "When a Jew has a Gentile in his clutches, another Jew may go to the same Gentile, lend him money and in turn deceive him, so that the Gentile shall be ruined. For the property of a Gentile, according to our law, belongs to no one, and the first Jew that passes has full right to seize it."

24. Schulchan Aruch, Johre Deah, 122: "A Jew is forbidden to drink from a glass of wine which a Gentile has touched, because the touch has made the wine unclean."

25. Nedarim 23b: "He who desires that none of his vows made during the year be valid, let him stand at the beginning of the year and declare, 'Every vow which I may make in the future shall be null'. His vows are then invalid."

wuala.com

Wuala encrypts data on your device before transferring it to the cloud.

Syncany

Syncany (http://www.syncany.org/) is an open source projet for cloud storage and easy file-sharing.
It's still under developpement, but there is a recapitulative array comparing the features of similar softwares on the page. If it keeps its promises for its release, it will definitely have my preference.

Re:I's say even plain email is more secure than dr

[dbIII]

I suggest you look at the article today about Dropbox to get more understanding of my point above.

Re:I's say even plain email is more secure than dr

[MobileTatsu-NJG]

And I suggest you either try DropBox or ask somebody who has used it to get more understanding of my point. I also suggest you re-read what I already said so you understand the point I'm making instead of arguing against the one I'm not.

You have no point - try typing one in this time

[dbIII]

You have no point, you are merely childishly disagreeing unless you consider passwordless access for all to supposedly private files to be a feature.
Show you are better than your recent posting history of stupid shit all over slashdot and provide some substance instead of the "try it" rubbish. List those features that make this product so wonderful that it offsets the pathetic and failed token attempt at security that is little better than anonymous FTP and far worse than plain FTP.
Even better, give up on this pathetic "yes it is, no it isn't" game here on this thread and instead sing the praises of Dropbox in the comments on todays article and see what people have to say about your idea there.

Re:You have no point - try typing one in this time

[MobileTatsu-NJG]

You have no point...

Wrong. Go read like you should have the first time around.

Show you are better than your recent posting history of stupid shit all over slashdot... List those features that make this product so wonderful..

Fail. Heh. When you figure out why I'm saying this, you'll feel dumb.

Even better, give up on this pathetic "yes it is, no it isn't" game...

It's too hard to use a question mark, isn't it? This whole time all you had to do was say "Oh? What do you mean?" and you'd have been the richer for it. Either you'd learn something new or you'd have validation that you're correct. Now you're just frustrated and you're blaming me for it. It's comical, really.

Still no content

[dbIII]

So you've got "try it", "better", "They used it" and that's supposed to be some sort of information? What exactly is "better" about it which exceeds the problem of the flaws? Don't just tell me - post it on the article about Dropbox being wide open without a password and see what others think about it.

Fail. Heh. When you figure out why I'm saying this, you'll feel dumb.

I think I know exactly why you are doing this but I have instead given you the benefit of the doubt and have decided to treat you like an adult and decided to make the assumption that it could actually be about Dropbox and not about argument for the sake of it. While all your posts on a variety of topics look like you are playing some childish game to provoke a response you may actually be serious but not applying much in the way of communication skills.

Go on then - make me "feel dumb", act like an adult and tell me why you are writing these posts with no content and a quick resort to insult. I'm sure it's for a better reason than to provide me with lunchtime entertainment and give me a smug sense of superiority.
If you are serious about the actual topic then act accordingly and post something to the current discussion to let everyone know why you think it's worth using despite the massive security flaws.

Re:Still no content

[MobileTatsu-NJG]

So you've got "try it", "better", "They used it" and that's supposed to be some sort of information?

Are you rescinding the claim that you read my previous posts?

...instead given you the benefit of the doubt and have decided to treat you like an adult...

No, you are not. You realize that asking me what I meant was actually the right thing to do originally, but don't want to admit it. You're fighting it, kicking and screaming, hoping above all hope that I'll give you something you can argue with.

If you are serious about the actual topic then act accordingly and post something to the current discussion to let everyone know why you think it's worth using despite the massive security flaws.

I make you a counter-proposal: You see, I don't want to argue about it. Discuss it? Sure. I'd love to learn more-secure alternatives, especially if my needs are addressed. I only stand to win from your cooperation. But... I don't want to sit here and argue with somebody that has already spent several posts avoiding understanding the topic any better than they currently do. I mean, seriously, "you don't have a point"? Really? I already know the moment I list the first interesting feature, you'll hit reply and start formulating a rebuttal. I won't learn anything useful from you in that mental state, not interested.

So, it's entirely up to you: Are you willing to discuss?

Re:Still no content

[dbIII]

I'm sorry? What is your game here?
Can we write about Dropbox please instead of the pointless and insulting verbage you have above please?

Re:Still no content

[MobileTatsu-NJG]

Sure. Ask away!

Re:Still no content

[dbIII]

List those features that make this product so wonderful that it offsets the pathetic and failed token attempt at security that is little better than anonymous FTP and far worse than plain FTP.

Re:Still no content

[MobileTatsu-NJG]

Please phrase that in the form of a question.

Zero content, zero clue, zero value - fix it

[dbIII]

You are obviously not as incredibly stupid as you pretend to be and are able to read and understand my very simple post above, so no I do not need to rephrase that as a question. It's clear the actual topic you use as a seed doesn't matter. Your game is depressingly obviously just a childish game of stringing an adult along with empty responses to get attention.

Fail. Heh. When you figure out why I'm saying this, you'll feel dumb.

I have to admit instead that I can't help feeling superior and a degree of pity that you have such a need to get attention from an anonymous stranger but nothing of interest to write to get attention in this pointless exercise of masturbation of the ego. You got your long pointless thread despite having nothing to add to it so I congratulate you in getting whatever number of points you got in your little personal game. On my part it's been a way to spend time while eating at the computer so the attention you've received is no loss to myself.

You can be better than this.
I suggest finding something you are interested in and get to be good at it and you will no longer crave such empty attention.

Re:Zero content, zero clue, zero value - fix it

[MobileTatsu-NJG]

You said you wanted to treat me like an adult, that hasn't happened yet. I said I wanted to discuss, not debate. All you need to do is respectfully ask the question and we both get what we want.

Re:Zero content, zero clue, zero value - fix it

[dbIII]

I did treat you that way for a long time and it was undeserved. Don't throw your poor behaviour back on me kid.

Re:Zero content, zero clue, zero value - fix it

[MobileTatsu-NJG]

Why is it so hard?

Re:Zero content, zero clue, zero value - fix it

[MobileTatsu-NJG]

I'm sorry, my last post was too vague. My bad.

What are the features that make this product so wonderful that it offsets the pathetic and failed token attempt at security that is little better than anonymous FTP and far worse than plain FTP?

Why is that so hard to ask?

Syncany is the rescue!

[mpathy]

Syncany!
http://www.syncany.org/

And the best: I has more features than ALL other dropbox-like programs - also more functionality than the commercial ones!

First real release is coming soon but you can use the source already to make it.