

AeroFS/S3: Private syncing to Amazon's Cloud made easy - yurisagalov
http://blog.aerofs.com/aerofss3-syncing-to-amazon-cloud-never-been-e

======
andybak
Been keeping an eye on AeroFS. I don't see why syncing and storage should be
mixed together (Dropbox)...

I just want them to support syncing existing folders rather than blessing a
particular folder as the syncing one. Then we've got a nice zero-config p2p
replacement for rsync.

~~~
krupan
I too really like the idea of aerofs. It was pretty buggy when I first tried
it (years ago, at least it feels that way). In the meantime I found spideroak,
which can sync whatever directories you tell it to sync, there's no special
"spideroak" directory that you have to use. It also encrypts everything
locally with my key that they have no access too before sending my data to
their servers. It does have to use their servers though, it isn't p2p like
aerofs.

------
magic_haze
I have been looking around the aerofs site for a few minutes now, but I
haven't been able to get any details about pricing etc. My main question: how
is this different from what JungleDisk has been offering for years? Besides
the "unlimited" data promise (which should be immediate turn-off for anyone
remotely serious about cloud storage), I don't see any advantage at all:
JungleDisk has been

* in development for years, * is owned by Rackspace * but also offers storage in s3, * the abstraction over s3 is open source (atleast, that was the pitch when the company was starting up -- I haven't been able to find the link to the source in the new rackspace branded site) * also offers AES encryption and de-dup, * syncs files, * has apps on windows/mac/ios/android

... so what exactly is the pitch here?

~~~
weihan
I'm a cofounder at AeroFS. The main advantage of AeroFS is P2P file syncing
without using servers. S3 support is a nice addition to the basic
functionality, allowing users to use S3 as a "super" peer.

------
fkn
I haven't tried AeroFS yet but this new feature is giving me the push to try
it now. Being in control of my data and my costs is something I was looking
for.

Something is bugging me though, what is AeroFS' long term viability if they
don't charge for their services?

~~~
adrinavarro
I think they're a P2P, 'cloud' storage service. Space is shared by users (or
that's what I understand). You can also choose to upload (some) stuff to their
own servers. And everything with strong AES encryption.

I haven't tried it yet, I still stick to the old fashioned solutions (Dropbox,
Backblaze, Time Machine) as they serve me well, but sounds like something
interesting with uses to explore (…maybe not the very same ones that have
current services!).

------
hemancuso
Seems cool.

Hasn't AeroFS/Regular been in beta for years now? I like this idea but perhaps
some focus on the core product so the company survives would suit them better.

Additionally - how do they emulate any kind of locking? Backup to s3 is easy
but multi-device sync requires substantially more coordination that needs a
lock of some variety.

------
kyboren
I wonder which key derivation function is used. In practice, this is probably
more important for security against brute-forcing than choosing AES-256 vs.
AES-128.

I hope they take some inspiration from the excellent tarsnap and use scrypt.

(PS: posting here because I refuse to register for yet another service or
associate any social networking account with their site just to comment)

~~~
zarvox
I'm an engineer at AeroFS, and yep, we use scrypt. The client applies scrypt
with a per-user salt to the S3 encryption passphrase you enter at install-
time, which gives a 512-bit key that the client stores. This is not quite the
AES key itself - we apply PBKDF2 an additional time to this stored value to
derive the actual 256-bit AES key (it fit more easily into our existing
codebase...), but it retains the same hardness of derivation that scrypt
provides (unless the stored key is stolen, as is the case in any system with
stored keys).

In this manner, the AeroFS client can (and does) access the data stored on S3
directly, but if you were to lose the machine that runs the client (but still
know the password you used at setup), you can still decrypt those files by
deriving the same key on a different machine.

Colin Percival's writings ([1] in particular) were very helpful in picking the
appropriate set of cryptographic primitives to use. Thanks, cperciva! :D

[1] - [http://www.daemonology.net/blog/2009-06-11-cryptographic-
rig...](http://www.daemonology.net/blog/2009-06-11-cryptographic-right-
answers.html)

(edited to add that I work at AeroFS)

------
benigeri
I've been using AeoroFS for a while now, and its been incredible. I got to bed
at ease knowing that Drew Houston isn't creeping over my files at night.

~~~
newman314
Second. I would love to be able to use 1Password with AeroFS instead of
Dropbox.

------
thexa4
I'd really like to try AeroFS although they don't seem to have enough beta
spots. Is there anyone that could spare an invite?

~~~
someperson
Yeah I've been waiting to use AeroFS for years.. I don't understand why it
would take so long for a product that has incredibly small marginal costs
(unlike say, Dropbox or Gmail where there were/are real server storage costs
involved).

They claim that if you invite 5-10 of your friends you can get an invite, but
I don't want to invite 10 people just to be a beta user of the product, it's
unfair to my friends to do so unless I'm a rabid evangelist who genuinely
loves the product (which I'm not, yet).

You don't have to invite the backlog of users straight away, but try to invite
say 5-10% of the beta-requested users every month (I don't mind giving 3
months warning for AeroFS to get its systems ready, so AT MOST by
September/November it should begin this)

Every time I search around the web for AeroFS I see claims of it being
vaporware but then there also always seems to be pro-AeroFS employees
astroturfing. Even here, the CEO (not a regular user) is linking to a company
blog-post (a practise which I don't necessarily have any against, but it's
worth noting)

AeroFS can be so much - it fills an incredible important niche (like someone
said in another comment - an easy to setup P2P rsync). Local, cross-computer
syncing is an important thing - many places in the developed and developing
world have limited internet bandwidth but heaps of local network bandwidth.
Hundreds of gigabytes to multiple terabytes of media, documents and data need
to be shared and Dropbox would require immense amounts of money to do so.

It may not be as profitable as Dropbox on a per-user basis, but it doesn't
need to be since we are using our own bandwidth so it doesn't cost AeroFS
anything.

They had YC-funding, have like 15-ish employees last I checked. With that,
Dropbox arguable is in the process of changing the internet forever. AeroFS
can do the same.

------
balanceiskey15
Any chance of opening up some more beta invites? I've been waiting awhile :(

~~~
balanceiskey15
Might help if I actually read the whole article, drop your requests here:
iwants3@aerofs.com

------
Tautologistics
I got burned by AeroFS recently. Uninstalled AeroFS and then wiped one
computer; when I woke another one up, all the data I had synced with the first
computer started getting deleted, as indicated by many Growl notifications.

I could not stop the action and was only able to recover bits and pieces of
data from deleted blocks. On OSX, one might think that deleted actions would
move the file to the trash but, nope, straight up deleted. These two
unexpected behaviors have convinced me drop AeroFS and stop telling others
about it.

~~~
yurisagalov
Hi Tautologistics,

There's a good chance you won't ever see this response since the thread has
aged off the front page, but I figured I'd respond to it anyway, just in case.

We've actually addressed this behavior in the beta release recently by
introducing local revision history. Unfortunately we haven't exposed this
through the UI yet, but if this happens again in the near future I'd be happy
to help you recover.

------
Eurofooty
I tried AeroFS for a while but in the end went with InSync GD and Google's
cloud, though Google Drive works just as well. I use a TrueCrypt vault for
personal stuff.

------
davidcollantes
Only for Linux? Any timeline for OS X and the other?

