- We assert the validity of this binary through other (cryptographic) means in the Dropbox Application.
- We're going to start sign it using the means that JZ's tweet refers to, in addition to our existing checks, to avoid confusion.
- The kernel extension / driver is signed by Dropbox (and this binary asserts that anything we install is signed only by us).
- The kernel extension / driver is opt-in and not enabled for the general population (it's used in our implementation of Smart Sync, née Infinite).
The only way to block the kext is using e.g. Little Flocker.
Moreover, the kext does get installed on my machines and I have a Pro account without Smart Sync.
I have been pondering to uninstall Dropbox, because all this behaviour is not acceptable. Unfortunately, I haven't found a good alternative yet.
Frankly, I find this use of kext's offensive. I'm putting Dropbox in my "do not recommend" list.
I've found the OC client to be very nice on the platforms I use (Linux, Windows, iOS). The Dropbox client on Linux was terrible to the point of being unusable.
So an implementation-detail for a feature on a platform you don't use caused you to shift to another product, which doesn't even support the feature you are complaining about? Am I reading you correct?
By all means. If you're happy running a FOSS solution on servers you control, more power to you. I'm just confused about your reasoning.
I don't think he's talking about only this one issue. Dropbox had an issue with something of this sort recently . They secretly gave their Mac application root privileges. They may have crossed the line for him here. I should say that I'm not speaking for him but I can see how something like this could have been the last straw for someone.
I personally think that the way a company treats it customers is a good display of how good it's culture is. It's not a good sign that they did this.
There was also a time that when you uploaded to Dropbox a file that was already on its servers, instead of storing the new file they stored a reference to the old one (that they already had) as per https://news.ycombinator.com/item?id=2478567
Anyway, there have been other Dropbox issues of a similar nature reported here on HN, and while I haven't been harmed by them personally, it speak to a style of development I don't agree with.
But what finally pushed me over the edge, was this racist initiative at Dropbox. I want no part of that.
Note that the Wifi drivers aren't libre, but besides that everything else on the OrangePi Zero, from audio to ethernet is in kernel 4.10 under GPLv2.
but a coworker was using a Pi-2 as a home media server without issue in some situations - basically he did the math on the bitrates per second and determined that the disk/wifi I/O (on the shared USB bus) was fast enough for his use case (IIRC streaming to main TV, possibly 1-2 more devices)
I do know he was looking at upgrading to another mini-arm board with
a dedicated PCI Nic or separate SATA due to the bus contention on
the USB limiting data/network I/O because he wanted to serve
more clients (family of 5 and associated devices)
so I guess the short answer is 'maybe, depending on use case'..
Once you have the files on the disk attached to the board just set up a NFS and/or SMB server on it and let the clients players mount it as a network drive and suck the data. This way you can for example have all home TV sets playing each one a different movie at the same time.
Absolutely. It's easy to install, works great, the only problem you need to solve is DNS. Either you need to use a service to point the domain to your dynamic IP or rent a static IP for your home address, which could pot expose your home network to attacks.
>things like video streaming from this would be slow
Depends on your uplink. Probably. If your home internet is fast you can stream for yourself or even a couple of people, but you can't really run a video streaming operation. It's easy math, just watch your bandwidth while your stream a video. On private customer plans, uplinks are usually artificially made a fraction of the bandwidth of downlinks by ISPs because they want businesses to be unable to run on them and buy the more expensive options instead
The one issue I've had was sometimes if it tried to sync while I was working in my IDE (gamemaker studio), somewhere between saving and compiling it would lose sync and want to redo the whole folder. I tended to pause sync until I finished working. Could have been a bug that was since fixed, but I still do it just in case.
Otherwise I'd have switched by now - as many folk point out, this is the third or fourth time this kind of approach has come to light, and it reflects badly on the company and the product.
I'd prefer not to rely on the generosity of others or running the relay server and having to manually configure syncthing clients to use it.
I get the argument from the other side as well, but if you're Dropbox, you just want to make the best file-syncing application you can make, and any other choice they could have made in these situations would be worse in lots of ways. We can quibble over which set of compromises is the right set, but I doubt you'll find a single set of uniformly preferred options. To be sure, there are probably some low cost wins they could make -- making the signing status of everything more obvious, etc., but I'm not sure what your desired outcome here really is.
I guess I mostly just find it annoying that people seem to think anything other than presenting my 67 year old mother with a dialog of full disclosure about kernel extensions is somehow the nefarious work of a shady company rather than a conscious design arrived at through a reasonable comparison of the options.
As for implications: We're here talking about it. That is an implication. This is not the first time either.
As for uniformly preferred: not futzing around with system level stuff without a preference or notification tends to be pretty much universal.
[x] Enable Smart Sync
[x] Install Dropbox drivers required for Smart Sync
Maybe just a note under the Smart Sync thing saying "Smart Sync drivers are installed. Disable Smart Sync to remove"? Will that actually make anyone happier?
Also—Dropbox is a filesystem. (Logically, the entire product is a filesystem; pedantically, traditional Dropbox might not be but Smart Sync definitely fits the definition of a network filesystem.) Traditionally on UNIX, if you're installing a third-party filesystem like AFS or Lustre or ZFS or whatever else, you're installing drivers. The fact that installing a filesystem installs both userspace software and drivers doesn't feel weird to me at all.
Is this a serious question? I've seen dozens if not hundreds of UI's that gray out a checkbox (either with or without the box checked) once you click a different one. Obviously this might not be an optimal solution for this specific dialog, but you could easily do something like:
[x] Enable Smart Sync (NOTE: This requires installing a driver onto your computer)
My point wasn't to blindly defend everything Dropbox has done. I'm sure they've made mistakes, both in design and implementation. My point was that things like their hack of the accessibility panel are, in my opinion, overblown by the average technical reader.
I think bothering the user with an accessibility panel is tedious "Charlie work" that I'd prefer be avoided. I understand why it works the way it does, and I understand the theoretical risk the OS is trying to mitigate. But I'm already trusting Dropbox with my data. It's silly for the OS to treat them like some unknown piece of malware, it's just that the OS isn't a generally intelligent agent able to make accurate determinations of that sort.
I get all that. It doesn't change the fact that I as the user of my computer just want Dropbox to do whatever it needs to do to work. I'm capable of doing the accessibility dance that most applications require, but not everyone is, and I think it's a reasonable position for Dropbox to take that if users are signing up and downloading our app, then implicitly they trust us to check the accessibility box. Is that an objectively acceptable argument? No, but all I'm arguing is that it's reasonable. It doesn't imply maliciousness that that's the argument that won the day inside Dropbox.
Guido has nothing to do with Dropbox, apart from being an employee at the company. He is neither the one who created the platform, nor is he responsible for how it operates.
It would be like using Gmail because you respect Brian Kernighan.
At the time I was choosing between these kinds of services, Dropbox and its competitors were all pretty comparable. I have great respect for the Python community and it's values, so when I learned that Guido was working there and that they were giving him time to work on Python, I thought it indicated a positive company culture. Why not go with Dropbox, all else being equal. Then they pulled this kind of BS repeatedly and appointed Rice to the board. I guess lesson learned about thinking good people will work at places that align with their values.
Obviously that it would be an irrelevant criterion?
Besides you answer that yourself: "I guess lesson learned about thinking good people will work at places that align with their values."
Dropbox Hasn't Learned Their Lesson https://news.ycombinator.com/item?id=12619722 (2016) "You seem to completely miss the point. It's not about the feature itself, it's your way of "hacking" or "injecting" Dropbox features into places the user didn't expect."
How Dropbox Hacks Your Mac https://news.ycombinator.com/item?id=12463338 (2016) "It's very strange that after I remove Dropbox from the accessibility list you think it's ok to add it back in again."
Dropbox accesses all the files in your PC? https://news.ycombinator.com/item?id=9136546 (2015) "It does, however, 'QueryBasicFileInformation' and and 'QueryDirectory' when I create a file on my desktop."
The Tech Behind Dropbox’s New User Experience on Mobile, Part 2 https://news.ycombinator.com/item?id=8203164 https://blogs.msdn.microsoft.com/ieinternals/2014/09/04/cave... (2014) "what good is a code-signed executable when that executable can simply download a payload from the internet like this Dropbox installer does"
Dropship — successor to torrents? https://news.ycombinator.com/item?id=2478567 (2011) "Apparently Dropbox notices they already have that file, and instead of you uploading it they just make it appear in your account." CEO Drew Houston actually did the PR for the cleanup: https://news.ycombinator.com/item?id=2482712
¹ http://mjtsai.com/blog/2011/03/22/disabling-dropboxs-haxie/ (2011) "Dropbox injects code into the Finder in order to draw the green and blue badges atop your icons"
Where Apple is providing zero of the APIs you typically find on more open platforms, like Linux and Windows.
Can't say I blame them. The other option would be to have a completely user-hostile installer and we all know how well they fare with the general public.
Installation these days has to be one click, or nothing at all. Otherwise you've lost your user.
I'm unconvinced that a horrible installer is the only alternative, but even if it were, you are asserting that you see subverting OS security mechanisms and intentionally ignoring user intent as somehow not user-hostile?
From my perspective, DB was kinda nifty when it first came out. The gap has been filled by commodity software for folks who can deal with self-hosting, so I'm personally happy. For other people, everyone and their pets wants to offer us all seamless hosted storage; there's no need for a glorified rsync service to be this creepy, evasive and intrusive.
> Otherwise you've lost your user.
I remain unconvinced that the various actions linked in the above were all required for a nifty install experience. Indeed, some of them are only required for forcing "features" on users that many have repeatedly indicated they don't want, after that all-singing, all-dancing install experience is over.
Which, turns out, is a great way to lose your user.
I can't remember the amount of times I've gotten frustrated with (beautifully written) open source software, but with a horrible complex UI that takes hours to figure out how to use. Those are hours of my life I'm not getting back.
Why can't stuff just work?
Disclosure: I've actually made a fair penny taking open source projects (not adjusting anything) and slapping a nice UI on it, doing nothing more than that. Good UI and UX matters and people will pay for it.
I realized that for the kind of niche productivity software I made Google is a much better app store.
I mostly live of organic traffic and only do actual marketing once in a while. The best is when the product gets exposed to communities who are into productivity.
They patch the Finder for all the additional features like their overlay toolbar and other little things, none of which I particularly like, but still - they are additional features lacking in Google Drive and friends.
As such I think it's not quite fair to say that Google Drive is much better for using the official API when it also doesn't provide additional features that are not supported by the official API.
Also remember that without DropBox and friends patching Finder in the past, we would likely never have gotten the API in the first place. Sometimes, in order to make a platform owner advance a platform, you have to work around their existing restrictions.
 - https://blogs.dropbox.com/tech/2016/05/going-deeper-with-pro...
> So @dropbox is using a completely unsigned binary to install kernel extensions on your Mac. This behavior is indistinguishable from malware.