So instead of using a FS shim to userspace on security grounds they decided to distribute a custom kext that's closed source -- i.e. a great way for normal bugs to turn into dangerous ones?
Exactly, we should be moving in the opposite direction: make as much software as possible user-space and sandboxed. I assume a party as large as Dropbox can request Apple to extend the APIs where necessary?
Sure, and occasionally they add stuff and consult with Mac software houses and indie devs (or musicians and editors for their Pro stuff) on what to add etc.
But that's not the same as building a bunch of APIs for a competitor.
On the contrary. Why would they make them open in that case?
They could just add them internally and use them for an "upgraded Finder/iCloud" and not expose them for Dropbox to use.
Implementing them for a competitor so that they "can use them themselves in the future" doesn't make sense as a strategy -- except if they are too benevolent.
Why when they can just keep it a private API only usable by iCloud?
OS X is full of functionality unavailable to 3rd party apps (I'm looking at you Power Nap! -_-) and expecting decent behaviour from them is optimistic.
> You'd think Apple would be happy to add extensions they themselves could use in the future to replace Dropbox with their own iCloud extension.
Not that I follow such things closely, but I can't recall ever having heard about Apple being happy to do something for someone who wasn't Apple. Do such things happen?
Especially since Apple already has! There are new extension APIs in El Capitan specifically designed for apps like Box and Dropbox to extend the Finder.
And they also released APIs designed to eliminate the need for KEXTs for virtualization products (see: Veertu and Docker for Mac beta), so I would expect them to also have/make APIs for Dropbox's use case as well.
Believe it or not, their APIs have very real deficiencies. To the point where they are subpar to custom solutions. E.g. is how extensions only allow for one application to be active at a time (i.e. you cannot run Google Drive and Dropbox simultaneously and have file overlay icons).
If FUSE semantics would be the same between systems, this would be a lot easier. But I'm not sure how that is possible, FUSE is too leaky, it exposes too much of the semantics of the kernel VFS layer, which is different between kernels.
I completely agree. Are there that many people running performance-sensitive I/O bound apps directly out of their Dropbox? Shouldn't they contribute back to libfuse rather than reinvent the VFS, with all the (sure as death and taxes) pitfalls and CVEs that will come along with it?
I wouldn't if I were Dropbox. Given the size of them, the speed they want to move, the security concerns with other people's code (vs a known beast that you're responsible for that you can limit to just what you need), the custom behavior they want (like new kinds of permissions), and the ultimate flexibility of being in control of your own destiny... I'd make the same call. Dropbox has the talent to do this right.
I have a similar success story. Thanks to Dropbox spamming me with "OMG UPGRADE!" every time I clicked anything, I found out about SyncThing (specifically SyncTrayzor for Windows).
I am a happy user of Syncthing[1] myself. I currently sync 1.5 TB of data with it. And on Windows the SyncTrayzor[2] is excellent. I also use the Android client[3] as a one-way backup of my whole SD card from phone to my other computers.
As long as you're not on Windows, they have binaries available to try it out now-- I just went through their Getting Started guide (http://infinit.sh/get-started) on my Mac.
So..the cost of an extra kernel/userspace switch was too much for a file request that is going to be serviced by a server on the other side of the internet?..really?
Putting ext3 into userspace led to slightly less than 10% performance degradation on postmark. Fuse really isn't an issue in most cases, and I can't imagine that this makes a huge difference on most workloads.
Exactly what I noticed about it. Also worth noting that the context switch here may matter for the practically tiny amount of people living in the right places in the US. It's pretty much a definition of a first world problem. Meanwhile, I'll be here with my 200ms ping to S3 wondering why would they waste all that time/complexity just to avoid a context switch.
Reminds me of the performance arguments for kdbus.
The OS pre-extension doesn't know which files are stored locally and which are placeholders for remote files. You can't just selectively use FUSE for the remote ones. Using FUSE makes every file operation slower.
Not really enthusiastic about file syncing moving into kernel space. I get that this is necessary for on-demand fetching of files, but I worry about stability and failure modes - I can see apps stalling and/or getting confused when file open calls fail because the network drops, etc.
Reminds me of the Coda/AFS2 days, really (those weren't as much fun as you'd think, back when we opened files over X.25 links...)
Bottom line: I hope it's configurable and that I can switch it off (preferably by default).
I'm a bit scared to figure out what this means for my users scanning their hard drives with Space Gremlin. I go through standard file APIs to scan all the folders on the user's system. Will it end up scanning the entire user's online filesystem and not just the actual local files? Will getting file metadata on all those online files end up causing a fetch to DB and grind the whole scan to a halt?
I've been resisting building a custom HFS+ reader for years but Apple's expanded use of hard links plus whatever DB is about to unleash might require a new approach.
As a paying Pro customer, I am a bit worried how intent they seem to be on pushing the business/enterprise products.
First of all, Dropbox the web application is spammed with Dropbox Business advertising. I am already paying. And, no, my employer (a European university) is unlikely to roll out Dropbox Business. So please stop bugging me :(.
Secondly, more and more features are rolled out to business users first. Why? Are regular paying customers going to be treated as second-class citizens to bully them into business accounts?
I killed my Dropbox Pro account and upgraded iCloud storage because the integration with the Photos app in iOS is way superior and the lack of something like Project Infinite, which results in a lot of manual folder management for my long tail of old docs. Dropbox's core sync technology is still unmatched, but the Pro offering leaves a lot to be desired over some of the better integrated experiences of Google and Apple's photos products.
I expect this to become even more of an issue after WWDC.
Going for iCloud, that's an odd decision, frankly. I would have understood Google Drive, but not iCloud.
When it comes to my personal photos archive, I care about 2 things: (1) occasional sharing and (2) keeping my huge archive safe. Dropbox does both, iCloud does neither.
iCloud sharing only works with people using iDevices and I don't have many acquaintances or family members with a preference for Apple. Dropbox allows for publishing to a web link, with or without a password, with or without an expiration date. And that's cool, because I can send that link to anybody. Cross-platform and all that.
In terms of safety, I keep an extra offline backup by means of a home Linux server that's almost always on, synchronizing my Dropbox and does the occasional local backup. It has a big hard-drive of course. Dropbox works on Linux, iCloud does not.
Also Dropbox provides a 30-days history of all changes and a 1-year extended history for extra cost. I got the 1-year extended history. With iCloud get some Ransomware and watch in horror how all of your photos are gone.
> When it comes to my personal photos archive, I care about 2 things: (1) occasional sharing and (2) keeping my huge archive safe. Dropbox does both, iCloud does neither.
iCloud definitely does occasional sharing. Keeping your archive safe is definitely questionable though.
> iCloud sharing only works with people using iDevices and I don't have many acquaintances or family members with a preference for Apple. Dropbox allows for publishing to a web link, with or without a password, with or without an expiration date. And that's cool, because I can send that link to anybody. Cross-platform and all that.
I can do that with iCloud Photos. I select a bunch of photos I want to share, I select an existing (or create a new) iCloud shared photo library, and then I enable a web link for them and share that. Works on fruits, robots, glass panes and penguins.
Yeah, I feel the same. At least give us a simple checkbox, "Don't show this to me again". Every time I open the web application, having to get rid of that pop up is very annoying.
I also wish they were more up front about the fact that some features of Dropbox stop working, like Camera Upload, if you transfer your account into a business plan.
I don't understand the limitations that stop it from working. I still have my images there, and when I connect my phone to my laptop using a USB cable, Dropbox syncs the images.
As a business customer, I'm thrilled they are focusing on us. We wanted to migrate our file storage to Dropbox for a while, but never did it because the business features weren't robust enough until recently. I'm excited to see them putting more effort into the features we need to provide our entire company with the kind of user-friendly service Dropbox already has at the individual consumer level.
For a real "deeper" blog they could have given us some benchmarks comparing good implementations on FUSE and kernel space. They instead gave a meaningless diagram to argue about performance. Toward closed source binary kernel blob they go, and out I jump.
This seems incredibly over engineered. One less system call? Great, but I'd rather the service just be cheaper. Skip the blog posts and just ship it already!
On box.com only admins can move & rename folders, which makes a lot more sense to start off with. With this solution, it seems everyone can still rename the folders. Too bad their (box.com) support is the worst customer experience I've ever witnessed.
The bit I don't quite understand about Project Infinite is that you still have to manually decide what gets sync'd or not. It's also not a network volume, so things like virus scanners or search indexers can just page in data? And if you want to offload data, you just move it from one folder to another which still eats space.
I've looked at your software a few times before. I've also tried to reach out to you before. To date I've never seen a response from you and I've moved on. I'm not stoked to see you're available to drop your product name in a thread about another company but inquiries to your own go unanswered.
Looking back that's the e-mail one of the messages went to. It was actually a reply to your seemingly automated messages saying "...please don't hesitate to shoot me an email..." and my reply didn't seem to generate any response. But poof, into thin air it all went. I'm a bit biased here because it just drives me nuts when all these companies pretend to play nice publicly by answering comments (like mine! thank you, first time I've heard from you even if it is just brushing my comment off as "sorry if I've missed an email..."), responding to tweets and everything else but then behind closed doors it's a totally different setup. Perhaps you were just busy who knows. I just feel like this is a trend in the industry and it drives me a little nuts.
Can you comment on how close the Linux version is? I've periodically checked your website since you commented about the Linux version being in private beta, almost two years ago.
They know what's active, what's new, can pre cache and watch what you do. I'm not sure what they do about Virus scanners and search indexes, but they should be able to know what process is requesting the data and do stuff accordingly.
Lest we forget: this is the company that let anyone on the internet log in to any Dropbox user account they wanted with any arbitrary value for the password.
Hi Sneak! As you're no doubt aware, people change over the years. They learn from mistakes, improve how they live their lives, and become better over time.
Companies tend to be the same way, learning along the way and maturing, especially when it comes to business processes and risk-related parts of the business.
It's entirely possible that the Dropbox of 2016 isn't like the Dropbox of five years ago in many concrete ways. For example, they could have hired new people, improved testing and release processes, and become more serious about engineering discipline.
Many startups early-on make dumb mistakes and go on to great success and professionalization, but we should have both empathy and forgiveness for them in the long term. Dropbox has recently demonstrated a focused attention on large scale, challenging engineering projects (building a replacement for S3 in-house from scratch, writing kernel extensions, etc) and a reasonable observer might conclude that they've learned from the mistakes of 2011.
Regardless of how much they've changed, 2011 Dropbox was decidedly not two guys in a garage and their complete and total lack of security engineering diligence and multiple overlapping process failures that must have occurred to lead to that incident call every future "At Dropbox we take security seriously" into question. (See also: "goto fail".)
At some point, Dropbox clearly didn't take security seriously. They claim otherwise now. The question is now "at what point should we believe them?" It's subjective and my opinion is that the 2011 management that didn't take security seriously then probably still doesn't take it that seriously now - they've simply hired underlings to worry about it.
I have experiences with companies that have security in their DNA from day one, and I've {observed, worked with, been a customer of} a whole fuckton more who bolt it on later once time and money permit. Most of the latter do not actually care one whit about security, it's just one more "avoid existential threat x" box they have to tick as their business grows.
Google falls into the former. Dropbox and Slack and LinkedIn fall into the latter.
There is no reasonable amount of time that needs to pass until I willingly let a Dropbox or a Slack or a LinkedIn run code in my workstation's kernel. Maybe that makes me a jerk - if it does, I apologize.
Google most certainly does not fall into the former.
Google has had multiple security incidents during the lifetime of the company that resulted in an increasing investment in upping their security profile. Operation Aurora (https://en.wikipedia.org/wiki/Operation_Aurora) was one of them (which of course bit a number of companies and was quite a sophisticated attack), but they have had other screwups, like the SRE spying incident (http://gawker.com/5637234/gcreep-google-engineer-stalked-tee...) and others.
For Dropbox, the password incident did result in major and serious change; it was a turning point resulting in significant investment in product and infrastructure security. In my admittedly biased opinion Dropbox now has one of the best security teams out there. For example the product security team invests heavily in the XSS protections on Dropbox's website that are top of class, and stronger than those on many of Google's own first party properties (I'll demur on details here at the risk of likely violating one or more NDAs, but I encourage you to read https://blogs.dropbox.com/tech/category/security/).
Source: I've worked as a software engineer at both Google and Dropbox and I'm reasonably familiar with engineering, infrastructure/operational and physical security practices at both organizations.
I'm not sure what this means, but if by "unbidden shill-like opinion" you mean to insinuate shilling by another commenter, that's not allowed on HN without evidence. An opposing opinion is not evidence.
For one, this was in regards to the parent being a response to its parent, which was unrelated to other parents. Second, I was attempting to make a generalized assessment that no one should particularly care about a prior/current/whatever employee's opinion, precisely because it is sorely lacking in technical details that matter. (In other words, it was an argument from authority - a fallacy.) Perhaps I triggered the wrong idea with "shill-like" but I'll take the down vote for that with pride. Cheers (and keep up the great mod work)!
I'm not sure I understand the logic here