Searching \ for '[OT] Dropbox?' in subject line. ()
Make payments with PayPal - it's fast, free and secure! Help us get a faster server
FAQ page: techref.massmind.org/techref/index.htm?key=dropbox
Search entire site for: 'Dropbox?'.

Exact match. Not showing close matches.
PICList Thread
'[OT] Dropbox?'
2011\06\01@110946 by RussellMc

face picon face
Question:  Getting Dropbox for free (2 GB version) seems too good to be true
- is it?
Are there any known issues re privacy, security, affect on systems etc.?


I've just started using Dropbox file storage and synchronisation software -
recommended by others here in the past.
In its most powerfuil mode, a standard windows folder with subfolders is
essentially bidirectionally cloned on two or more participating
internet-connected PCs.

        http://www.dropbox.com

Looks like it will be extremely useful.
First quick tests with 4 PCs and several accounts shows that syncing PC
desktop copies works well and that use with or without the Dropbox software
installed works well.

Without software installed you don't get the desktop image but can still
access all the files from a browser (similar but  quite equivalent to a true
windows window). This version will be of especial value when using from
non-owned PC away from base (eg internet cafes etc).

With the software installed on a local PC files "just appear" in the local
dropbox folder and the system appears  almost seamless - multiple internet
connected folders are synchronised with no visible "strings" whatsoever.

Question:  Getting this for free (2 GB version) seems too good to be true -
is it?
Are there any known issues re privacy, security, affect on systems etc.?



     Russell McMaho

2011\06\01@113641 by Michael Watterson

face picon face
On 01/06/2011 16:09, RussellMc wrote:
> Question:  Getting Dropbox for free (2 GB version) seems too good to be true
> - is it?
> Are there any known issues re privacy, security, affect on systems etc.?
>
You can guess the URL!

The employees can browse your content!


It's not reliable or secure.

With the low annual cost of your own domain and hosting do any of these Privacy & Security failing Public Services make sense?

I can create a directory on my hosting and password protect it to individuals or a group. With a little more effort make the connection encrypted too (for people at public WiFi, which is seriously unprivate).

I only use gmail for folks that insist on a Google email address.

Photo sites that "own" your photos.

Also of course Facebook, Twitter, Google etc don't really want people to be private or have private stuff.

2011\06\01@114357 by M.L.

flavicon
face
On Wed, Jun 1, 2011 at 11:35 AM, Michael Watterson <spam_OUTmikeTakeThisOuTspamradioway.org> wrote:
> I can create a directory on my hosting and password protect it to
> individuals or a group. With a little more effort make the connection
> encrypted too (for people at public WiFi, which is seriously unprivate).
>

With a little more effort you can create your own private dropbox
service by using WebDAV.
The client is built-in to windows. At least it was several years ago.
Many commercial apps apparently can use it as well.
-- Martin K

2011\06\01@115633 by RussellMc

face picon face
>> Are there any known issues re privacy, security, affect on systems etc.?

I am not disagreeing with these answers - just trying to express my
understandings.

> You can guess the URL!

Or bypass it with eg bit.ly :-)

Also password protected at whatever seriousness you set.

> The employees can browse your content!
> It's not reliable or secure.

I read their privacy statement (as I always do).
It sounds reasonably OK.
SSL based using Amazons ??? system.
Access to your data limited by Federal requirements and enforced on
staff - if you believe them and if you believe their staff management
capability.


> With the low annual cost of your own domain and hosting do any of these
> Privacy & Security failing Public Services make sense?

Assuming security is in fact OK, the muti desktop syncing feature with
remote computer illiterate users is useful.
I want to sync several PC's here, one in Houston, one in ? in US, one
80 miles from here and possibly one in China.

> I can create a directory on my hosting and password protect it to
> individuals or a group.

Good.
Not quite as powerful as a Windows folder with browse and drag and drop access.

> With a little more effort make the connection
> encrypted too (for people at public WiFi, which is seriously unprivate).

Yes.
Comodo (and no doubt others) offer an SSL product to secure public WiFi links.
I probably got a GMail  password stolen at Hong Kong airport during
(free) WiFi access on one occasion.
Several years ago and never since.

> I only use gmail for folks that insist on a Google email address.

Yes. GMail is as manifestly insecure as many other systems "just are".

> Photo sites that "own" your photos.

I've never seen that.
I'd be VERY interested in knowing which attempt that.

> Also of course Facebook, Twitter, Google etc don't really want people to
> be private or have private stuff.

For those who really care, Facebook can be annoyingly private. It's
mainly that most people don't set theirs up that way.


Russel

2011\06\01@124205 by Dwayne Reid

flavicon
face
At 09:09 AM 6/1/2011, RussellMc wrote:
>Question:  Getting Dropbox for free (2 GB version) seems too good to be true
>- is it?
>Are there any known issues re privacy, security, affect on systems etc.?

I am not aware of any privacy issues.  My account is protected with a fairly strong password and I don't think that brute-force techniques will break it anytime soon.  That include the web-access option.

I use both Dropbox and SugarSync.  My Dropbox account is of the free variety but I pay for my 30GB SugarSync account.

I find that the two services compliment each other rather than compete.


>I've just started using Dropbox file storage and synchronisation software -
>recommended by others here in the past.

Darn it all - I hope that you used someone's referral link (preferably mine <grin>.  If you didn't use a referral link, feel free to pass mine on to the Dropbox people so that both you and I get the extra 250MB free storage.

Here's my referral links if anyone chooses to join the club:

Dropbox:  <http://db.tt/8nh08je>
SugarSync: <https://www.sugarsync.com/referral?rf=csq0xyf24f4tc>

In terms of 'free mode', Dropbox wins hands down over SugarSync and several of the other similar services that I looked at.  Specifically, Dropbox will synchronize many machine together whereas most of the others will sync only 2 or 3 machines before forcing you to go for their paid-for version.  The downside is that Dropbox is nearly the most expensive paid-for service out there.

Hope this helps!

dwayne

-- Dwayne Reid   <.....dwaynerKILLspamspam@spam@planet.eon.net>
Trinity Electronics Systems Ltd    Edmonton, AB, CANADA
(780) 489-3199 voice          (780) 487-6397 fax
http://www.trinity-electronics.com
Custom Electronics Design and Manufacturing

2011\06\01@130508 by Herbert Graf

picon face
On Thu, 2011-06-02 at 03:55 +1200, RussellMc wrote:
> >> Are there any known issues re privacy, security, affect on systems etc..?
>
> I am not disagreeing with these answers - just trying to express my
> understandings.
>
> > You can guess the URL!
>
> Or bypass it with eg bit.ly :-)
>
> Also password protected at whatever seriousness you set.

I consider ANYTHING stored on a service like this available to all.

Look at the PSN breach. A huge company like Sony and they stored
people's passwords in an easy to read DB (instead of a more sane way of
doing things, like hash tables, which aren't foolproof (if you happen to
use a hash that's got a rainbow table you're still toast) but far better
then what Sony did).

The ONLY way I'd consider using one of these types of services is to
encrypt anything going into them (i.e. encrypted zip files, truecrypt
containers, etc.). NOTHING stored on these sorts of services should be
readable by anyone.

That way, when (not "if" IMHO) they get breached by hackers, or decide
to snoop on your data all they will see is encrypted uselessness.

Of course, doing this this way severely limits the usefulness of some of
the features offered. My answer is: so what, at least your data is
secure.

I for one just host things at home and use encrypted tunnels to get at
my stuff. Sticking with Linux on the notebook, desktop and mobile has
made this solution pretty seamless.

TTYL

2011\06\01@131628 by Alex Harford

face picon face
On Wed, Jun 1, 2011 at 8:55 AM, RussellMc <apptechnzspamKILLspamgmail.com> wrote:
>
>> Photo sites that "own" your photos.
>
> I've never seen that.
> I'd be VERY interested in knowing which attempt that.

twitpic is one I am aware of:
http://www.plagiarismtoday.com/2011/05/12/the-twitpic-terms-of-service-debacle

2011\06\01@132906 by Tamas Rudnai

face picon face
> Question:  Getting this for free (2 GB version) seems too good to be true
-
> is it?

Why? GMail gives me almost 8G of email storage + Excel sheets and Word files
on Google Docs + loads of photos on Picasa... and all of these for free from
Google... is it too good to be true? :-)

> Are there any known issues re privacy, security, affect on systems etc.?

No heard of issues, but some talks about weaknesses on their system (using
MD5 which is weak for nowadays computing power) It is no more dangerous than
Google (inlc. Gmail), Yahoo or SkyPe (which can be eavesdropped and also you
might storing personal info or sending sensitive info over IM etc). This is
a kind of cloud computing issue, you just have to protect your data
differently than it was only on your private computer. As many mentioned
just encrypt data before dropping it to their folder.

BTW: DropBox is not only for Windows, but for Linux, Mac, Android and
iPhone/iPad as well. So it is very useful sometimes when you need your data
on the go.

Tamas



On Wed, Jun 1, 2011 at 4:09 PM, RussellMc <.....apptechnzKILLspamspam.....gmail.com> wrote:

{Quote hidden}

>

2011\06\01@134218 by Marten Vijn

flavicon
face

DIY:  
http://sparkleshare.org/

cheers
Marten

2011\06\01@134450 by RussellMc

face picon face
>> Question:  Getting this for free (2 GB version) seems too good to be true
>> is it?

> Why? GMail gives me almost 8G of email storage + Excel sheets and Word files
> on Google Docs + loads of photos on Picasa... and all of these for free from
> Google... is it too good to be true? :-)

Yes. Google certainly is.
They make it clear that they mine your information in order to direct
advertising AND they advertise to you.
It's not obvious how dropbox make money from you, except to charge for
premim accounts, and by getting you to get more people to join.
A prudent user could use their 2 GB and as long as DB did not steal
their data (as discussed) there would be no ads and no mining.

R

2011\06\01@150146 by Gerhard Fiedler

picon face
Michael Watterson wrote:

> On 01/06/2011 16:09, RussellMc wrote:
>> Question:  Getting Dropbox for free (2 GB version) seems too good to
>> be true - is it? Are there any known issues re privacy, security,
>> affect on systems etc.?
>
> With the low annual cost of your own domain and hosting do any of
> these Privacy & Security failing Public Services make sense?

Depends on your "hosting". For most (in this price range) this means
shared hosting... which is as "public" if not more as something like
Dropbox.
Of course you can encrypt anything you put there before you put it
there, but that's then not any different from Dropbox.


> I can create a directory on my hosting and password protect it to
> individuals or a group.
This doesn't help much against someone having root access to the system.
This includes probably at least a few admins of your hosting company,
and who knows how diligent they are with these passwords. (Working from
home, and all that...) I wouldn't recommend shared hosting as storage
for anything sensitive.

> With a little more effort make the connection encrypted too (for
> people at public WiFi, which is seriously unprivate).
And neither does this.

Gerhar

2011\06\01@164839 by Michael Watterson

face picon face
On 01/06/2011 16:55, RussellMc wrote:
>> >  Photo sites that "own" your photos.
> I've never seen that.
> I'd be VERY interested in knowing which attempt that.
>
http://www.theregister.co.uk/2011/06/01/twitpic_terms_and_conditions/

Also most people don't understand "creative commons"

Plain ole copyright under Geneva convention and than specifying terms is good enough for me unless it's software sources I'm giving away and then I'll use BSD free, Zlib, Apache or whatever depending on context to keep the recipient happy :-)

>> >  Also of course Facebook, Twitter, Google etc don't really want people to
>> >  be private or have private stuff.

> For those who really care, Facebook can be annoyingly private. It's
> mainly that most people don't set theirs up that way.
>
They deliberately make privacy an obscure hard to do thing. Of course if you want privacy why have a facebook account.

There are numerous pitfalls with Facebook in terms of how do you share stuff with some people and not some others... It's not designed for easy to use complex security.

2011\06\01@165935 by Michael Watterson

face picon face
On 01/06/2011 20:01, Gerhard Fiedler wrote:
>> >  I can create a directory on my hosting and password protect it to
>> >  individuals or a group.
> This doesn't help much against someone having root access to the system.
> This includes probably at least a few admins of your hosting company,
> and who knows how diligent they are with these passwords. (Working from
> home, and all that...) I wouldn't recommend shared hosting as storage
> for anything sensitive.
>

Oh totally agreed. Anything really secret needs to be in your own secured datacentre or minimum your own co-lo hw & sw.
Even then it only needs one guy physically at the PC (Wikileaks and US cables?)

My important stuff is not on Internet at all. Sooner or later that's gamed.

Also the more people with accounts to the password protected stuff, one is going to re-share it somewhere.

The only password protected stuff I have is going to get out anyway.. The access control only delays it.
I'm assuming it's public eventually.

The other board / committee members / RTE etc can read the linked documents here as a I add them.
http://isaa.irishwattystuff.com/docs/index.html

It's at least not like some of the free services where you DON'T have public links and email people URLs that work without a password. Believe it or not that's how "document /photo" privacy  works on some 2.0 social sites.

2011\06\01@171559 by nextime

flavicon
face
part 1 1428 bytes content-type:text/plain; charset="us-ascii" (decoded quoted-printable)

On Wed, Jun 01, 2011 at 11:43:16AM -0400, M.L. wrote:
> > On Wed, Jun 1, 2011 at 11:35 AM, Michael Watterson <EraseMEmikespam_OUTspamTakeThisOuTradioway.org> wrote:
> > I can create a directory on my hosting and password protect it to
> > individuals or a group. With a little more effort make the connection
> > encrypted too (for people at public WiFi, which is seriously unprivate)..
> >
> > With a little more effort you can create your own private dropbox
> service by using WebDAV.
> The client is built-in to windows. At least it was several years ago.
> Many commercial apps apparently can use it as well.

If you have a private server where to put a webdav server, you can also
use something more close to dropbox to "clone" it.

- http://sparkleshare.org/
- https://github.com/meltingice/RubyDrop

Those are two examples.

--
Franco (nextime) Lanza
Busto Arsizio - Italy
SIP://casaspamspam_OUTcasa.nexlab.it

NO TCPA: http://www.no1984.org
you can download my public key at:
http://danex.nexlab.it/nextime.asc || Key Servers
Key ID = D6132D50
Key fingerprint = 66ED 5211 9D59 DA53 1DF7  4189 DFED F580 D613 2D50
-----------------------------------
echo 16i[q]sa[ln0=aln100%Pln100/snlbx]sbA0D212153574F444E49572045535520454D20454B414D204F54204847554F4E452059415020544F4E4E4143205345544147204C4C4942snlbxq | dc
-----------------------------------



part 2 181 bytes content-type:text/plain; name="ATT00001.txt"
(decoded base64)

--
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at
mailman.mit.edu/mailman/listinfo/piclist

2011\06\01@200323 by Ross McMillan

picon face
I use it extensively.  It's so good I don't care.  I only wish you got more
than 2GB.

Stay away from SugarSync - 5GB free but not nearly as solid.

I use it not so much for cloud-based backup, but with a bit of clever local
backup to and from dropbox running on two machines, I can have my work
source code folders and home ones automatically track.  I can leave work in
a hurry knowing I can keep working at home without having to remember to
take a USB stick with me.

The other impressive thing about dropbox is the speed with which it updates
files.  I've seen big >5Mb update in a few seconds because it uses pretty
smart algorithms.  I also bevieve if you drop a file it "knows" about into
your DB folder it doesn't have to upload it all.

R

On Thu, Jun 2, 2011 at 3:09 AM, RussellMc <@spam@apptechnzKILLspamspamgmail.com> wrote:

{Quote hidden}

2011\06\02@035944 by Joe McCauley

picon face
Check out the following

http://windowssecrets.com/newsletter/re-examining-dropbox-and-its-alternatives/

Joe

{Original Message removed}

2011\06\02@193125 by Jim Franklin

flavicon
face
Ross,
I have been using Dropbox for a couple of months now, and have signed up my
work email address, and a few friends have joined from a link I sent, so I
am up to 3.5gb capacity now. Remember- you get 250mb for every person who
installs it either as an invite, or to join a share you send them.

It also has the iPhone app so I can check when someone has uploaded a file
they have promised, whilst I'm out of the office.

Jim


{Original Message removed}

2011\06\02@221848 by Gerhard Fiedler

picon face
part 1 1410 bytes content-type:text/plain; charset="big5" (decoded base64)

Joe McCauley wrote:

> Check out the following
>
> windowssecrets.com/newsletter/re-examining-dropbox-and-its-alternatives/

Somewhat interesting, but it seems at least partially wrong. He claims:

"Or, you can drop Dropbox altogether. SpiderOak offers similar services,
free, without the centrally maintained encryption keys: you encrypt the
data with your key X and only you have the key."

However, on

is written:

"SpiderOak saves storage space using intensive data de-duplication. In
this way, SpiderOak can often keep all of the historical versions of a
file, using about the same amount of space that would be required to
store only the most recent version."

The way I read this, it means that SpiderOak's storage algorithm can do
diffs between the historical versions of a file -- that is, the original
content, not the encrypted content. This means the privacy concerns
(that the company and at least some of its employees can access the
data, and that they may provide it to federal agencies without warrant
and without notifying the owner of the data) are pretty much the same as
with Dropbox.

I'm not sure there is a service that actually stores only data that has
been encrypted with a key that only the user knows.

Gerhard


part 2 181 bytes content-type:text/plain; name="ATT00001.txt"
(decoded base64)

--
http://www.piclist.com PIC/SX FAQ & list archive
View/change your membership options at
mailman.mit.edu/mailman/listinfo/piclist

2011\06\03@010409 by RussellMc

face picon face
> "SpiderOak saves storage space using intensive data de-duplication. In
> this way, SpiderOak can often keep all of the historical versions of a
> file, using about the same amount of space that would be required to
> store only the most recent version."

This COULD be done at each node without such storage being 'in the
cloud'. Would need to read more ... .


> I'm not sure there is a service that actually stores only data that has
> been encrypted with a key that only the user knows.

Any system where you encrypt the data before submitting it meets
whatever security you provide.
You could one-time-pad process the data at each end, or use PGP or
whatever, completely invisibly to SpiderOak or whatever other
transport system. Liable to play haoc with web based de-duplication
though :-)
..


     Russel

2011\06\03@082234 by Gerhard Fiedler

picon face
RussellMc wrote:

>> "SpiderOak saves storage space using intensive data de-duplication.
>> In this way, SpiderOak can often keep all of the historical versions
>> of a file, using about the same amount of space that would be
>> required to store only the most recent version."
>
> This COULD be done at each node without such storage being 'in the
> cloud'. Would need to read more ... .

In principle, but I highly doubt it. For that, the local software would
have to be able to create a local diff, which means it needs a base line
storage of everything that's in the affected directories, basically
duplicating the local storage requirements. Or it would have to hook
into the file system, to intercept any writes -- and keep a local
storage of only those until the next sync. And this for multi-platform
client software that's free... I wouldn't bet on it :)

>> I'm not sure there is a service that actually stores only data that
>> has been encrypted with a key that only the user knows.
>
> Any system where you encrypt the data before submitting it meets
> whatever security you provide. You could one-time-pad process the
> data at each end, or use PGP or whatever, completely invisibly to
> SpiderOak or whatever other transport system. Liable to play haoc
> with web based de-duplication though :-) .
.... and with a number of other features of the service. It wouldn't
invalidate their versioning, but would drive up the (online) storage
requirements for this versioning, because there's no reasonable (small)
diff between encrypted versions of a file; each version is a fully new
version. It also wouldn't play well with their automatic sync features,
as it would only sync the encrypted versions -- you'd have to take care
of the syncing of the original files with the (local) encrypted files. A
two-stage sync is much easier to get out of sync, especially since it's
not likely that they provide trigger hooks in their software that allow
you to run your local sync whenever they update a file.

Local pre-encryption is in principle always possible, but it invalidates
most of the convenience features of these services -- and if you do
this, you probably can use a Gmail account just the same and get 8GB for
free.

Gerhar

2011\06\03@154522 by Jeff Stevens

flavicon
face
On Wed, Jun 1, 2011 at 11:09 AM, RussellMc <KILLspamapptechnzKILLspamspamgmail.com> wrote:
> Question:  Getting Dropbox for free (2 GB version) seems too good to be true
> - is it?
> Are there any known issues re privacy, security, affect on systems etc.?

I use dropbox for filesharing but not for synchronizing anything I
consider personal.  For quickly and easily sharing files, drop box
simply excels.  Sure, I could share the file via my web server in
about a minute but dropbox knocks it down to 10 seconds.  Just drop it
into the dropbox "public" folder, copy the public link from the file
properties, and send the link to the folks I want to share the file
with.

-Jeff

2011\06\04@081108 by RussellMc

face picon face
1.  How public is the Dropbox public folder?

eg   Little boxes, but no hillside ...

        http://dl.dropbox.com/u/30808964/DSC07553%6010001109%60rp%20Little%20boxes%20-%20no%20hillside%20-%20maize%20and%20peppers%20%28red%29%2C%20probably.jpg.jpg

Is a photo that can be accessed by anyone who knows the link (as you now do).
But without that knowledge, how would you be able to access a files
with such a complex name?

I have so far not found how to browse a public folder or to view a
"directory listing".
Is it possible?
If not, is this then not at least modestly secure?
ie the same as if it had a password (in this case its name).

2. Any way to give access to a whole subfolder - system seems to want
to give a link per file.

_______________

FWIW: Photo is 1.7 MB
9 November 2010 well into final approach to ? - probably Ningbo.
Little houses, not on a hillside.
Yellow on flat rooftops will be maize.
Red at bottom left is probably peppers.
Mr Airbus's fine double glazed windows plus the ever present smog and
the camera's propensity to react badly to smog scattered UV (I think)
means you won't get too much better than this.


           Russell



On 4 June 2011 07:45, Jeff Stevens <RemoveMEjeffTakeThisOuTspammossycup.com> wrote:
{Quote hidden}

>

2011\06\04@084804 by Michael Watterson

face picon face
On 04/06/2011 13:10, RussellMc wrote:
> Is a photo that can be accessed by anyone who knows the link (as you now do).
> But without that knowledge, how would you be able to access a files
> with such a complex name?
Continuing on my "devil's advocate" regarding such services...

Perhaps if you know a few names you can expose the algorthim and have the computer "guess"?

Some sites are not using secure unguessable URLs. I don't know which category Dropbox is in.

Unless the URL generation is for all effective purposes random, a "security by obscurity" will fail when enough URLs are exposed.

2011\06\04@093713 by RussellMc

face picon face
> > Is a photo that can be accessed by anyone who knows the link (as you now do).
> > But without that knowledge, how would you be able to access a files
> > with such a complex name?

> Continuing on my "devil's advocate" regarding such services...
>
> Perhaps if you know a few names you can expose the algorthim and have
> the computer "guess"?

There IS NO algorithm - see below.

> Some sites are not using secure unguessable URLs. I don't know which
> category Dropbox is in.

The URL, if I understand how the access name is used,  is essentially
whatever the user supplies. It's :uncrackable if you make it so, and
it's trivially easy to make it so.

> Unless the URL generation is for all effective purposes random, a
> "security by obscurity" will fail when enough URLs are exposed.

If I understand what you are saying correctly, then you SEEM to be
arguing for the security being as good as that of a password of the
same length.

ie *IF* "the URL" is the link  that you see, and why should it not be
? *, then it can be essentially uncrackable.

Look at the "URL" that I posted;

          http://dl.dropbox.com/u/30808964/DSC07553%6010001109%60rp%20Little%20boxes%20-%20no%20hillside%20-%20maize%20and%20peppers%20%28red%29%2C%20probably.jpg.jpg

Oriiginal saved file was named:

           DSC07553`10001109`rp Little boxes - no hillside - maize
and peppers (red), probably.jpg.jpg

Their "30808964" seems to relate to my dropbox and is common amongst
multiple files on my dropbox site  - even at different folder levels.
BUT the end of the file name, viz

          Little%20boxes%20-%20no%20hillside%20-%20maize%20and%20peppers%20%28red%29%2C%20probably.jpg.jpg

is directly based on my orginal file name.
Guessing that name is impossible in this universe.
It's ~88  characters say 600+ bits long (excl jpg.jpg)
No chance of brute force cracking.
Highly redundant due to spaces and English language content BUT how
would you ever arrive at that name independently.

*IF* you MUST have the exact user file name then a 128 bit / < 20
character pseudo random block appended to any file name would give it
immense strength.

____________

If getting the file name correct is essential for access, then the
public folder is potentially more secure than the private  shared
folder access.

Private folders have all contents made visible to a user once they
enter the Dropbox-supplied URL that IS algorithm based.
BUT the public folder serves files on a file by file basis AND the
user can add whatever password they wish to the file name.

Conversely, if you want ease of access to multiple files, naming them
with a simple sequential name sequence will produce immediately
guessable URLs.




          Russel

2011\06\04@141643 by Dwayne Reid

flavicon
face
At 06:10 AM 6/4/2011, RussellMc wrote:

>2. Any way to give access to a whole subfolder - system seems to want
>to give a link per file.

Yes - but I don't remember the specific details as to how to do it.  However, the process was easy and seemed intuitive.

I've done this for only one folder to one person - I'm not an expert.  The end result was a link that I sent via email to that person - he reported no problems in accessing the files.

dwayne

-- Dwayne Reid   <TakeThisOuTdwaynerEraseMEspamspam_OUTplanet.eon.net>
Trinity Electronics Systems Ltd    Edmonton, AB, CANADA
(780) 489-3199 voice          (780) 487-6397 fax
http://www.trinity-electronics.com
Custom Electronics Design and Manufacturing

2011\06\10@224709 by RussellMc

face picon face
BCC: Gavin - worth your knowing about

      http://www.dropbox.com


> At 06:10 AM 6/4/2011, RussellMc wrote:
> >2. Any way to give access to a whole subfolder - system seems to want
> >to give a link per file.

> Yes - but I don't remember the specific details as to how to do
> it.  However, the process was easy and seemed intuitive.

In private area only. Not in public area.

I've found that:

1. In the public area you can only share on a file by file basis.
You cannot publish a public folder with multiple files in it.

They specifically note that this can't be done

2.  In the private area, if you give access to a folder to guest_A by
sending them a link and they create a dropbox account then for then on
they can see folder in their dropbox.
If you then give guest_A access to a second folder it does NOT send
them a second request or link but just asks them via  their dropbox
menu if they want to accept the second shared folder and, if so, it is
from then in immediately available to them in their dropbox.

3. You can share a folder with N guests without any sharing of other
folders by creating a guest_X  email account somewhere, creating a
dropbox for that guest X and hen having all guests who you want to
have access log on to drop box as if they were guest_X. You can have
multiple accesses at once to the guest_X dropbox. This is a useful
mode but not directly supported by dropbox.

Note that anyone logged in as guest X can add or delete files as desired.

4. You CAN place subfolders in folders in your drop box but if you
share a subfolder and not the whole folder with a guest the folder
nesting is not present at their end. eg

                 Colour_swatches\Octarine

if shared with guest-x will appear as \Octarine in their dropbox.

5. Files in an online dropbox will appear in the linked PC drop box of
any PC as soon as it logs on AND will show final files sizes using DIR
etc even though the file shas not yet been downloaded. This is very
useful as long as it is appreciated that the file may not yet have
made the hyperspace jump even though its directory entry has. That
this happens can be seen by wathcing disk capacity which falls
steadily as data is downloaded. A message is given when
synchronisation has finished. If you access a not yet downloaded file
it may well give preferential download of that files BUT I have not
tried that yet.

6. More

Making a "data river" that flowed between two remote PCs should be
extremely easy and would allow low level use by wholly non net-aware
applications.
Things like eg offsite backup of ultra-legacy applications.

Overall - powerful, useful, no seen bugs yet, a little quirky, good to have..



      Russell

2011\06\11@001955 by Ross McMillan

picon face
Russel - A comment on "data rivers".

There are major drawbacks using dropbox as a "data river" - i.e. a
bidirectional stream of data that keeps a folder tree continuously
synchronized between two PCs.

Let me elaborate:

My principal use of dropbox is to have a set of folders at work, and have
them mirrored at home - in both directions.  The idea is so that I can leave
work at a moments notice, and know that I can pick up again at home where I
left things at work.  It also means that I have a backup of the sources on
the cloud.  I can't use DB directly for this for several reasons:

  - I have a folder called C:\Projects and nested within this are
  subfolders for each project (over 100 at last count).  I might update the
  sources in any one-five of these folders on a given day.  I can't just make
  my dropbox folder as c:\Projects because there is way more than 2Gb, and the
  majority of it is stuff I don't want to back up anyway (exe's map files,
  object files, editor backup files, debugger files - anything produced by a
  build cycle).  I just want to back up the sources.  A comprehensive file
  exclusion scheme would solve this and pare the requirements to under the 2Gb
  free limit.  This is probably the most requested feature on DB forums.
  - Dropbox transfers stuff live.  If I have my Projects folder connected
  to DB and I edit a source file and do a build, by the time the build is
  finished the updated version of the file has been sent to the cloud and down
  to my home machine.  Lots of edits means lots of transfers means lots of
  internet traffic.  Not a biggie but some of my sources are quite large (up
  to 3 Mb for a Delphi DFM form file with lots of components on it).  An
  option to "transfer any file that has been updated but has not been updated
  for NN minutes" would solve this one.
  - Dropbox does not allow for client encryption keys.  Granted, the DB
  data on the cloud is encrypted, but by them, using their keys.  This is an
  important point because it means that your data is only as secure as your
  dropbox password.
  - Dropbox doesn't allow for data compression.  Source files are always
  highly compressible.  If my DB holdings on the cloud could be compressed I
  would fit 2-3 times as much into my 2Gb (they probably do compress the files
  as part of their host-side encryption - but they don't pass on the savings
  to you).

So I have used a hybrid scheme that gets around these problems.  It revolves
around another piece of software we bought called "Super Flexible File
Synchronizer" (don't laugh).  Funny name, it's not pretty, but it works,
it's solid, and the support is great.  It is a backup utility which does
just about all of the functions that the backup utility I've been trying to
write for the last 20 years does.  SFFS implements files and folder
exclusion, scheduled backups, compression and encryption and a whole host of
other features I seldom need.  Here's how I use it and DB:

  - I have a DB folder called "Sync" inside the "My Dropbox" folder of both
  my work and home machines.  DB keeps these folders
  synchronized continuously.
  - At regular intervals I use SFFS to run a both-ways sync between
  C:\Projects and "Sync".  I have an exclusion filter set up to skip all the
  junk files and generated files so that "Sync" just has an image of the
  source files in the Project tree.  I also get SFFS to compress and encrypt
  the files, so the files inside "Sync" are actually ZIP files encrypted with
  my own key.
  - The next time SFFS runs on the remote machine, the ZIP files that have
  changed are unzipped and decrypted back into the Projects folder tree.

The whole thing works pretty seamlessly.  We have our data river between two
PCs (or more - no reason why this can't be extended to keep several PCs
sync'd) and a free encrypted cloud backup as a side effect.  SFFS is also
pretty smart when it comes to keeping track of files and folder that are
moved or renamed.  You can set it up to track deletes or never delete files
from the backup.

Ross

On Sat, Jun 11, 2011 at 2:46 PM, RussellMc <RemoveMEapptechnzspamTakeThisOuTgmail.com> wrote:

{Quote hidden}

2011\06\15@081358 by Michael Watterson

face picon face
Via
CRYPTO-GRAM

                June 15, 2011

              by Bruce Schneier

I haven't written about Dropbox's security problems; too busy with the book.  But here's an excellent summary article from The Economist.
www.economist.com/blogs/babbage/2011/05/internet_security
The meta-issue is pretty simple.  If you expect a cloud provider to do anything more interesting than simply store your files for you and give them back to you at a later date, they are going to have to have access to the plaintext.  For most people -- Gmail users, Google Docs users, Flickr users, and so on -- that's fine.  For some people, it isn't. Those people should probably encrypt their files themselves before sending them into the cloud.
Another security issue with Dropbox:
http://dereknewton.com/2011/04/dropbox-authentication-static-host-ids/

2011\06\21@134927 by Michael Watterson

face picon face
On 01/06/2011 16:09, RussellMc wrote:
> Are there any known issues re privacy, security, affect on systems etc.?
>
www.theregister.co.uk/2011/06/21/dropbox_security_issue/


'[OT] Dropbox?'
2011\10\03@222010 by William \Chops\ Westfield
face picon face

On Jun 10, 2011, at 9:19 PM, Ross McMillan wrote:

> bidirectional stream of data that keeps a folder tree continuously
> synchronized between two PCs.

Since we're talking about DropBox again...

Are there some tools that will integrate DropBox with Source Code  Management sorts of things?  What I'd most likely to use it for is  backups of various "in progress" open source projects;  I want to sync  "files that are known to the SCCS", rather than full folders (which  are prone to containing large amounts of object files, code I haven't  changed, etc.

And or other tools that will sync on a file level, or be rule-based on  a filename basis, would also be interesting.

A two step sync process (my src folder to the dropbox, dropbox to  cloud) is fine.

BillW

2011\10\04@081630 by M.L.

flavicon
face

On Mon, Oct 3, 2011 at 10:19 PM, William "Chops" Westfield
<westfwEraseMEspam.....mac.com> wrote:
> Are there some tools that will integrate DropBox with Source Code
> Management sorts of things?  What I'd most likely to use it for is
> backups of various "in progress" open source projects;  I want to sync
> "files that are known to the SCCS", rather than full folders (which
> are prone to containing large amounts of object files, code I haven't
> changed, etc.
>
> And or other tools that will sync on a file level, or be rule-based on
> a filename basis, would also be interesting.
>
> A two step sync process (my src folder to the dropbox, dropbox to
> cloud) is fine.

I use mercurial and rsync
I backup everything a few times a day with rsync. It only transfers
files that have changed, so I could work on a lot of things and it
would only take 15 seconds to backup my data.

If I only wanted to transfer certain files there are many ways of
doing this with rsync. My rsync command right now is just:
rsync -azve ssh /source myserver.foo:~/destination/

I could just specify multiple source directories or use the
include/exclude parameters or I could dump the list of files
maintained by mercurial into a list and transfer just those files.

hg manifest > list
rsync -azve ssh --files-from=list myserver.foo:~/destination/

But mercurial works on directories anyway so I'm not sure why this
would be useful.

If you're actually using DropBox then you can just use rsync locally
to copy your source to the backup folder each time you build it. It'll
only copy the files that have changed, which is what I think you're
trying to accomplish. I don't use dropbox so maybe there's an even
easier way to do this.

--
Martin K.

2011\10\04@102622 by Tamas Rudnai

face picon face
On Tue, Oct 4, 2011 at 3:19 AM, William "Chops" Westfield <EraseMEwestfwspammac.com>wrote:

>
> On Jun 10, 2011, at 9:19 PM, Ross McMillan wrote:
>
> > bidirectional stream of data that keeps a folder tree continuously
> > synchronized between two PCs.
>
> Since we're talking about DropBox again...
>
> Are there some tools that will integrate DropBox with Source Code
> Management sorts of things?  What I'd most likely to use it for is
>

I have never tried but as DropBox creates a virtual device you may be able
to put the CVS or Subversion repository on this virtual device and do the
same on all the computer has the access to this DropBox device? Just my
cents.

Tama

2011\10\04@111303 by Dwayne Reid

flavicon
face
At 08:26 AM 10/4/2011, Tamas Rudnai wrote:
>On Tue, Oct 4, 2011 at 3:19 AM, William "Chops" Westfield
><RemoveMEwestfwEraseMEspamEraseMEmac.com>wrote:
> >
> > Are there some tools that will integrate DropBox with Source Code
> > Management sorts of things?  What I'd most likely to use it for is
>
>I have never tried but as DropBox creates a virtual device you may be able
>to put the CVS or Subversion repository on this virtual device and do the
>same on all the computer has the access to this DropBox device? Just my
>cents.

Actually, I don't think of Dropbox creating a virtual device at all.  What it does do is use whatever directory (folder) you specify or, if you don't explicitly specify your own directory, creates its own, new directory.

Although it wants to put its new directory somewhere in the 'My Documents' or 'Documents' folder in the current user's home directory on the 'C' drive, I have all of my Dropbox shared folders installed right off the root of the 'D' drive in all of my machines.  Quite appropriately, I named that folder as 'Dropbox'.  Do note that Dropbox gives that main folder its own unique icon to show that it is linked to your Dropbox account.

Because Dropbox monitors all file activity in that specific folder (and all of its child folders), you could easily create a sub-folder within that Dropbox main folder to contain your Subversion or Mecurial repository.  Whatever you do to that repository is then replicated to all of the machines that are linked to your Dropbox account.

Note that this is good behavior for a single user who works on only one machine at any particular instant in time.  I think that bad things might happen if two or more people were committing files to the repository at exactly the same instant.  In that scenario, you would be best to have a proper repository set up on a server somewhere that all of your machines could access.

Because I work on projects by myself, the above limitation just isn't a problem.  I've definitely NOT had a problem when I write code on my office machine, allow Dropbox propagate that code to my workbench machine, make changes to that code while I'm debugging that code, then walk back to my office and see that those changes have already been propagated back to my office machine (MPLAB reports that the source code file has changed and prompts me to reload it).

Best of all - all of those code changes show up on my home computer - and are propagated to my laptop when I turn it on in the evening.  Its just painless - and it just works.

dwayne

-- Dwayne Reid   <RemoveMEdwaynerspam_OUTspamKILLspamplanet.eon.net>
Trinity Electronics Systems Ltd    Edmonton, AB, CANADA
(780) 489-3199 voice          (780) 487-6397 fax
http://www.trinity-electronics.com
Custom Electronics Design and Manufacturing

2011\10\04@152531 by Tamas Rudnai

face picon face
On Tue, Oct 4, 2011 at 4:12 PM, Dwayne Reid <RemoveMEdwaynerTakeThisOuTspamspamplanet.eon.net> wrote:

> Note that this is good behavior for a single user who works on only
> one machine at any particular instant in time.  I think that bad
> things might happen if two or more people were committing files to
> the repository at exactly the same instant.  In that scenario, you
> would be best to have a proper repository set up on a server
> somewhere that all of your machines could access.
>

I think you are absolutely right, I totally left out the way Dropbox
implemented this. So even if that works theoretically, people need to
synchronise when to commit changes to this repository? Or that would not
work either?


> Because I work on projects by myself, the above limitation just isn't
> a problem.  I've definitely NOT had a problem when I write code on my
> office machine, allow Dropbox propagate that code to my workbench
> machine, make changes to that code while I'm debugging that code,
> then walk back to my office and see that those changes have already
> been propagated back to my office machine (MPLAB reports that the
> source code file has changed and prompts me to reload it).
>

Does it mean that you use the Dropbox folder as your working folder
directly? Then you should be able to hook up a CVS / SVN on these files and
commit the changes from either your work or your home computer, should not
you? I mean these versioning system dropps hidden directories in the working
directory and therefore that should be synchronised as well?

Thanks,
Tamas



{Quote hidden}

>

2011\10\05@121212 by Dwayne Reid

flavicon
face
At 01:25 PM 10/4/2011, Tamas Rudnai wrote:
>On Tue, Oct 4, 2011 at 4:12 PM, Dwayne Reid <RemoveMEdwaynerKILLspamspamplanet.eon.net> wrote:
>
> > Because I work on projects by myself, the above limitation just isn't
> > a problem.  I've definitely NOT had a problem when I write code on my
> > office machine, allow Dropbox propagate that code to my workbench
> > machine, make changes to that code while I'm debugging that code,
> > then walk back to my office and see that those changes have already
> > been propagated back to my office machine (MPLAB reports that the
> > source code file has changed and prompts me to reload it).
>
>Does it mean that you use the Dropbox folder as your working folder
>directly? Then you should be able to hook up a CVS / SVN on these files and
>commit the changes from either your work or your home computer, should not
>you? I mean these versioning system dropps hidden directories in the working
>directory and therefore that should be synchronised as well?

Yep - my PIC projects folder is within the Dropbox folder tree.  And yes: you could have CVX / SVN / Mercurial act on that folder just like normal.

Notice that I keep mentioning Mercuial - although I don't currently have a version control system in place, I do plan to implement Mercurial just as soon as I finish getting my head wrapped around the whole version control thingy.

dwayne

-- Dwayne Reid   <dwaynerSTOPspamspamspam_OUTplanet.eon.net>
Trinity Electronics Systems Ltd    Edmonton, AB, CANADA
(780) 489-3199 voice          (780) 487-6397 fax
http://www.trinity-electronics.com
Custom Electronics Design and Manufacturing

2011\10\05@130133 by M.L.

flavicon
face
On Wed, Oct 5, 2011 at 12:12 PM, Dwayne Reid <spamBeGonedwaynerSTOPspamspamEraseMEplanet.eon.net> wrote:
> Notice that I keep mentioning Mercuial - although I don't currently
> have a version control system in place, I do plan to implement
> Mercurial just as soon as I finish getting my head wrapped around the
> whole version control thingy.

If you're the only one modifying the code then mercurial is very simple.
Get TortoiseHG if you want Windows shell integration.

-- Martin K

2011\10\06@152830 by Peter Loron

flavicon
face
Mercurial is very good, although I've come down on the side of git for my version control. Faster than hg, more support, more active development community, better integration into other tools.

Also of note, Bitbucket recently added git support, so (along with mercurial) you can have free unlimited private an public repositories in the cloud. The repos also have a wiki function.

-Pete
On Oct 5, 2011, at 9:12 AM, Dwayne Reid wrote:

{Quote hidden}

> -

2011\10\06@161130 by Dwayne Reid

flavicon
face
At 01:28 PM 10/6/2011, Peter Loron wrote:
>Mercurial is very good, although I've come down on the side of git
>for my version control. Faster than hg, more support, more active
>development community, better integration into other tools.
>
>Also of note, Bitbucket recently added git support, so (along with
>mercurial) you can have free unlimited private an public
>repositories in the cloud. The repos also have a wiki function.

Many thanks, Peter.  I'll take a look at git.

dwayne

-- Dwayne Reid   <@spam@dwayner@spam@spamspam_OUTplanet.eon.net>
Trinity Electronics Systems Ltd    Edmonton, AB, CANADA
(780) 489-3199 voice          (780) 487-6397 fax
http://www.trinity-electronics.com
Custom Electronics Design and Manufacturing

More... (looser matching)
- Last day of these posts
- In 2011 , 2012 only
- Today
- New search...