Open Source Alternative To Dropbox?

garry_g writes "While 'the cloud' may be one of the major buzzwords of the Internet industry, anybody concerned with security and privacy will most likely not touch it with a 10-foot pole. While I am guilty of using Dropbox for occasional data storage or quick picture snaps with my Android phone, I do watch out not to store anything important on there (or incriminating), no matter what the "privacy policy" may be. I was wondering: what useful alternative is there to Dropbox on the FOSS market, which will allow access by both windows/linux boxes, but also mobile devices (specifically Android). I know there are front-end add ons for Windows (and Linux tools of course) e.g. for SVN, but most likely no implementations for mobile use as far as I can tell... And, of course, the backend should run on a Linux box ;)"

Sparkleshare

[Moderator]

Sparkleshare [sparkleshare.org] is still under development, and it seems to have the most traction of any user-friendly project. When released, it will be the open-source Dropbox replacement.

I agree though, it's very hard to get rid of the convenience of Dropbox. Not just for saving files, but for syncing your configuration across machines (save your .dotFiles in ~/Dropbox and then symlink to ~/). But when they refuse to support the BSD's (2 out of the 4 machines I regularly work on), and their Linux implementation starting requiring disabling SELinux [dropbox.com], they pretty much did it to themselves. Not to mention the whole thing where the Dropbox CTO admitted they could look at your files [bnet.com] if they wanted.

Re:

[jdray]

In Korea, only old people use Dropbox.

[Sorry, I haven't been around in a while...]

Re:

[Baseclass]

It's been awhile indeed, that meme lasted about a week like 2 years ago.

Re:

[MightyMartian]

In Soviet Russia memes you!!!

Re:

[wed128]

Was it that long ago? i feel old...

Re:

[CharlyFoxtrot]

By the time any of these open source projects push out anything worthwhile the world will have moved on and nobody will be looking for their clones. And even then they'll have none of the simplicity and ease of use of the originals, let alone the integration into other software. Seriously, when is the FOSS world going to take the lead on creating something cool for a change instead of rushing after the trend du jour ?

Re:Sparkleshare

[CharlyFoxtrot]

Well, you had Mozilla who had spent years rewriting their code only to push out a bloated hulk. Then Phoenix came along and basically wrote a light-weight shell on top of the browser engine and threw out all unnecessary non browser crap. Not very revolutionary (though a great browser at the time.) In facts the parts Mozilla pushed as being most revolutionary, like XUL, are the ones that really failed. I think if you look at real innovation in the browser space you'll find it either at the client side with AJAX, HTML5 (started by a consortium of Apple, the Mozilla Foundation and Opera Software), but especially Apple taking KHTML and using it to create webkit which spread everywhere. It's hard to imagine mobile browsing today without Webkit. So kudos to the KDE team for that.

Re:

[steveha]

Linux was just a Unix clone. I can't think of any area where it stood out as driving innovation.

It started out as a UNIX clone, but has lots of innovation going on under the hood. Subscribe to Linux Weekly News [lwn.net] and read the kernel updates every week, and you will get a better feel for the innovation going on.

Note that IBM is pushing Linux. IBM used to push their own UNIX, AIX; but now they have taken all the best features from AIX and ported them to Linux. Can you think of any reason why IBM might have d

Re:Sparkleshare

[tehniobium]

The SELinux issue appears to be a temporary bug. The thread you linked says: a) next version will have it fixed and b) gives you a one-liner for how to fix it yourself.

You can't have it both ways

[A nonymous Coward]

If you know enough about security to deal with SELinux, you can't have been surprised to find that Dropbox employees, and NSA/CIA/FBI with Dropbox-supplied access, can read your files. Regardless of whether they are encrypted by Dropbox while on the Dropbox servers or not, there is no other way they could send and receive arbitrary files without this capability. Either you are pretending to know nothing about security, or pretending to know something.

Re:

[Eivind]

SpiderOak is actually a lot more convenient than DropBox.

It's not open-source, but it has 3 other serious advantages. First it's based on a zero-knowledge architecture, this means that all your files are encrypted locally, before being put in the cloud, and the keys are handled (derived from a passphrase) in a way that ensures that nobody, not even employees of SpiderOak, can see your files. (for me this is an absolute requirement for storing files in the cloud)

Second, you can select more than one directory

What about Usenet?

[__aasehi2499]

It has been a cloud type service that has been around for how long? Granted it's not private, but all you have to do is encrypt your files. And as for privacy, considering the things that people continuously post there, and don't get caught, speaks to the possibilities. Yeah I suppose, data retention has only in the last few years gotten good enough to make a difference. But there have got to be some things we could learn about making the cloud work better from it.

Ubuntu One

[arisvega]

Ubuntu One [wikipedia.org], but the server-side is proprietary. And it is rather buggy on other platforms.

Re:

[edmicman]

Ubuntu One [wikipedia.org], but the server-side is proprietary. And it is rather buggy on other platforms.

So, like a lot of open source software, it's a solution...but not really.

Re:Ubuntu One

[cratermoon]

Like a lot of open source software, it's like a lot of other open source software that attempts to do pretty much the same thing, but in a different way and with different bugs and missing features. The solution, of course, to this mess of half-finished, buggy, and abandoned OSS with horrid UIs is easy. Start another project to do the same thing, only this time, we'll do it right. It'll be feature-complete quickly and free of serious bugs because all those other developers working on similar software will immediately see how superior we are and join us.

Re:

[arisvega]

You be trollin'. I am definately not in the mood of advocating Ubuntu, but;

They are working on it, AND they are giving out 2GB for free, AND if you skip the autosync features you can open a crapload of different accounts, AND you get 20GB more for the price of two icecreams per month.

Granted, $36/year may give you a sour face, but have you seen the prices of the competitors?

Hosted Alternatives

[slifox]

There are some decent-looking hosted alternatives to dropbox which do client-side encryption. I've looked into this a bit, but I haven't tried any of these yet, so YMMV...

One particularly interesting one is TarSnap. The best part is the client is OSS, so you can verify that encryption is done properly (strong & client-side). You could even reverse the protocol and design your own server software, if you want.
http://www.tarsnap.com/ [tarsnap.com]

Another interesting one is SpiderOak. However their client is not OSS, so you have to trust that they're doing the encryption properly
https://spideroak.com/ [spideroak.com]

Here are some other potential hosts, but I'm not sure exactly how proper the encryption is:
http://www.boxcryptor.com/ [boxcryptor.com]
http://syncplicity.com/products/ [syncplicity.com]

Re:

[metlin]

I've always thought about this -- how about a distributed storage network? Anyone using this needs to have a dedicated line and allocate at least 1 GB of their personal storage, and in return, they get 0.5 GB of distributed storage. The idea is similar to a P2P network, only, the data is distributed and redundant across every peer on the network (hence the reason you only get half of what you put in). As long as the encryption is quite secure, and there's a central server tracking the users, it should be fa

Re:

[edmicman]

I've wondered about this for even a local network. At my last job we'd have desktop machines with gobs of free hard drive space. Wouldn't it be nice if you could capture that free space on each machine and pool it all as sort of a local distributed network storage? Heck, build it into the OS and you'd be set.

The cloud is secure - if treated correctly

[Mephistophocles]

Dropbox is secure - just use PGP to encrypt everything you put up there, and decrypt it upon arrival at your host machine. I suppose that would require a jail-broken Android, but that's not all bad... I don't generally accept arguments that the cloud isn't secure. It is, if used correctly (see above). The cloud is like a public restroom - you treat it differently than the one in your house by being much more conscious about cleanliness and such (in the cloud, more conscious about security), but it's perfectly acceptable to use both.

Re:

[Anonymous Coward]

The cloud is like a public restroom

In that they're both full of other people's shit.

What does SVN have to do with it?

[jojoba_oil]

Why is SVN being compared to DropBox? There's no mobile app for SVN access because, typically, people don't do development on their phones...

Android phones pictures?

[icebike]

Why would he need dropbox for pictures snapped from his android phone?
If he has Android, he has google.
If he has google he has Picasa.
If he has picasa his android will sync with it at will.

Not all Android devices have Market and Picasa

[tepples]

If he has Android, he has google.

Not necessarily. Android-powered devices not using the Open Handset Alliance version of Android don't get the non-free Google apps.

Re:

[icebike]

True, the paranoid might want to store their upskirts on dropbox or a secure private storage somewhere other than on the phone (which could be seized by police). But this hardly makes sharing easy.

The request was for something more secure than Dropbox, or at lease open source. I have no problem with that. There' are documents I won't put on Google Docs, even tho I use Google heavily.

It just seemed to me that photo snaps were the least of my concern, and I would just keep them on the phone unless I wanted

rsync.net FTW.

[enselsharon]

I've had personal and business accounts at rsync.net going back over 5 years.

It's simple, it's straightforward, and it works out of the box with everything I use.

Oh, and there's this:

http://www.rsync.net/resources/notices/canary.txt [rsync.net]

It's not the cheapest offering, but my employers' account @ 2TB is around 28 cents/GB, per month.

Re:

[enselsharon]

A technical footnote - I use duplicity for encrypted backups on my (personal) rsync.net filesystem:

http://duplicity.nongnu.org/ [nongnu.org]

There's been some rumbling about Tahoe-LAFS integration, which is mildly interesting...

ownCloud or Wuala

[DVega]

On the open-source front, the only option I know is ownCloud [owncloud.org]. It provides the software to build your 'Cloud' storage, but you must provide your own hardware.

On the other side, you can try Wuala [wuala.com]. It is not Open Source, but it encrypts all your files before uploading them. There are clients for almost every platform.

Re:

[imamac]

I use owncloud. It it certainly not as robust as DropBox, but it works for my needs. It also has a plugin system for functionality expansion.

Re:

[tomz16]

I've wondered about this as well... My guess as to how they implement this :

The content is encrypted with a key, stored along with the content. This key is encrypted with your password. (e.g. similar to HDD encryption)
When you make something public your client changes the password protecting the encryption key on that content to something specified by the Wuala public web server.

This implementation :
- prevents your password from ever leaving your computer
- prevents the content from having to be re-encryp

ifolder

[bsmokeman]

Novell open-sourced ifolder. there are clients for linux, windows, mac, and even iphone. Someone just needs to write a client for android.
We are implementing it on a large scale, with Active Directory integration, and 270 mobile laptop users. I understand novell is moving to neutron (their new file/folder sync technology). It should solve some of the issues we had, such as integrating with a windows server, however it will not be open-source. We just used the ifolder client, and a proxy user for everyone's folder to bypass that issue. We looked extensively for a solution, and settled on ifolder, however mobile phones weren't part of the requirement.

Subversion?

[neokushan]

It might not be as convenient and be designed for an entirely different purpose, but it works for me.

ssh + rsync = win!

[WWE-TicK]

I put a Linux box with an SSH server and rsync on my FIOS line. Then I use rsync for Android to sync file shares between the Linux box and my Android tablet. This has been working fine for me. It might even be more secure than Dropbox.

Re:

[spinkham]

Unison is like rsync, but handles 2 way syncing better.

Re:

[drinkypoo]

AFAICT both ends have to run the same version to sync. In practice this means you have to either have a totally homogeneous network or build Unison everywhere but possibly one device whose version you have to match. If I am wrong then I am silly. If I am right then Unison sucks.

Re:

[drinkypoo]

rsync is only one way. You can run it twice to do a 2 way sync, but you also have the issue of deleted files reappearing.

I give to thee rsync --delete. You have to sync down before you sync up; when doing the pull (or so I shall name it) you use the -u flag ("skip files that are newer on the receiver"), then you do your file deletion, then you do the rsync -a --delete.

If only someone would revive dm-cache [fiu.edu] then you could do it with a remote mount (on Linux-based platforms anyway) which would be hilarious.

Even FTP is more secure

[dbIII]

Pretty sad isn't it?
SFTP is far better than both and is open.

Re:

[The MAZZTer]

That's just the communications protocol and is only part of the service. There are other crucial parts, such as figuring out what to sync, and which direction to sync it, and of course how to store the files on the server securely.

Re:

[MobileTatsu-NJG]

SFTP is far better than both and is open.

...and insufficient in terms of functionality. Oops.

Re:

[dbIII]

How so?
What is wrong with the current SFTP clients in comparison to the combination of a web browser and dropbox or similar?

Re:

[MobileTatsu-NJG]

Are you familiar with how Dropbox auto-syncs?

rsync

[GreatBunzinni]

I believe that rsync is able to cover most of dropbox's features, if not all. By using rsync you aren't bound to any service provider or even internet access. You may not have the flashy web interface and flashy android/desktop client but it is somewhat trivial to implement a front-end to rsync that abstracts all implementation details. If you wish to have some sort of history log then you can always set your clients to implement some form of incremental backup of your repository.

Re:

[profplump]

And unison [upenn.edu] extends the rsync model to do bi-directional syncing with basically no user intervention and no strict need for a centralized server. It's not quite mobile-ready, but there's real work being one on an ocmal runtime for android [github.com], which is probably 99% of what you need to get unison working there as well.

ownCloud

[reldruH]

Sounds like you're looking for ownCloud. It's still under heavy development but the file storage functions work very well and it's accessible on Mac, Windows & Linux via webdav and from everywhere else via a web interface. There are also a couple of mobile apps in the works and it runs on a standard LAMP stack. http://owncloud.org/index.php/Main_Page [owncloud.org] And a blog post about the current status: http://owncloudtest.blogspot.com/2011/06/owncloud-20-just-merged-with.html [blogspot.com]

Unison

[human spam filter]

If you have Linux PC that is accessible from the internet, then just use Unison (http://www.cis.upenn.edu/~bcpierce/unison/). I use it all the time to synchronize my PC at work, my PC at home, and my laptop. It is quite fast, my synchronized folder is currently ~7GB and it takes maybe 10s to check for changes (not sure how Unison manages to do this).

Re:

[drinkypoo]

Unison creates index files which it uses to keep house. Unfortunately, when I looked into using it to copy data between my desktop and my Dockstar running Debian, it told me the versions were mismatched. So I looked into it and from what I could tell the actual version numbers have to match on both ends. This is pretty much a deal breaker when you bring mobile devices into the mix, especially since it doesn't exist for them yet (unless you have a N900 or similar.) So I still use rsync, I just run it twice.

Pogo Plug?

[Nexus7]

I thought of this when I read the posting, because B*y.com sent me junk mail today about a sale on Pogo Plug Black. There's a Linux distribution for these - http://plugapps.com/index.php5/Main_Page [plugapps.com].

Your own cloud.

I must be behind the times

[future assassin]

People actually have enough time these days in their daily lives to fill up their phones memory/micro sd cards on every day usage? Or is this just people trying to look busy so others think they have somthing going on in their lives.

If you take so many photos you abviously want some quality in the image so why not just get any of the 100's of digital pocket cameras out there?

Re:

[thebra]

People actually have enough time these days in their daily lives to fill up their phones memory/micro sd cards on every day usage? Or is this just people trying to look busy so others think they have somthing going on in their lives.

If you take so many photos you abviously want some quality in the image so why not just get any of the 100's of digital pocket cameras out there?

I own an Android phone that I use for video/photos when I don't want to bring my DSLR with me. The picture quality is fine for snapshots from my HTC Thunderbolt. Also my phone does 720p video which obviously requires a lot of space. I can see how it is quite easy to fill up your phones memory with video and images.

nephthys

[higuita]

For share with others, a perfect replacement for FTPs i use nephthys [netshadow.at]. Its based in webdav with a very simple web interface to allow users to share files. It auto expires shared files, so you do dont waste space with forgotten shares.

the git needs a few tweaks to work in a recent debian ( i will send a patch do the developer in a few days/weeks)... the .deb packages didnt worked for me

yet this is a very simple solution and works very in windows, macox and linux

it is almost unknown, but it saved me from thousand of user calls asking for help with ftp problems (clients, access, quotas and transfer)

Missing the point somewhat

[93 Escort Wagon]

In this discussion a lot of people are totally overlooking the user-friendly aspects of Dropbox, which is really its main selling point (yeah, I realize it's Slashdot). Once set up, the end user doesn't even have to think about it. And the cross-platform clients work well enough that you don't have to really think about whether you're on a Windows box, a Mac, or an Android phone.

I wouldn't use Dropbox for anything sensitive, but it's great for stuff like keeping the family's grocery list. I even use it for

Re:

[edmicman]

Plus you can easily share a dropbox folder with another user, and collaborate on those files. And everything stays in sync there, too.

Incriminating? On the cloud?

[interkin3tic]

If you have incriminating files, why are you storing them on the cloud at all? It seems doubtful that the fourth amendment would protect stuff stored via cloud computing. [wordpress.com] Maybe it was just an odd choice of words, or not "legally" incriminating, but if physically securing your files is an option, that would probably be better. I have a hard time putting my faith in data storage I can't see. My gut feeling is that for -most- circumstances, a USB drive on your person would be more secure than anything on t

Why not WebDAV?

[DdJ]

Is there a reason not to use WebDAV for this? I know there's a WebDAV server (optionally) built into Tomcat, and I expect that there are others out there. I know there's terrific WebDAV client access from MacOS, Windows, and iOS, and the last time I checked (many years ago) there was adequate client access from Linux if you went looking for it -- I assume the situation on a modern desktop is completely adequate now?

rsync

[emt377]

rsync or sftp

Of course, if you have incriminating evidence on your phone/server then privacy won't help much if law enforcement shows up with a search warrant. It's easier to obey laws in the first place to void this particular problem.

Support?

[mchawi]

Are there any options that would work for internally hosted solutions (your data center not theirs) that would have support?

I have heard this question multiple times, but one of the requirements for some enterprises is to have support. Do any of these products (or similar, open source or not) that include support?

Alt approach

[MobileTatsu-NJG]

I've skimmed the threads here for alternatives and for various reasons they're not ideal. So I wanted to ask about an alternative approach: What about encrypting each individual file? What about using WinRar or .ZIP and password protecting (and compressing!) the file individually? Preferably something where I could right-click on the file, enter a password, then there's a password-encyrpted file ready to be sent through DB.

Is there a secure solution this way? Is it both PC and Mac compatible?

SSH

[munky99999]

1. Get a cheap VPS.

2. SSH -> sshfs for linux or expandrive for windows.

3. Have a folder named public in the folder you sshfs. Have that be the root of your webserver directory.

iFolder, and no, it's NOT apple

[perotbot]

ifolder, from Novell, but open sourced now. secure and encrypted and you can make it as big or small as you want. And it has a web interface..... ifolder.com

RSync, of course...

[Anaerin]

You can use rsync for this. And if you want it more complex and fully automated, you can add lsync to automatically push local changes to the "Master" server, and a post-xfer-exec script on the "Master" server to push changes back out to the other "Slave" servers (If they're connectable). I'm intending to put this in place for a multi-way (3, in this case) sync system myself.

How about encrypted zip files for the secret stuff

[wernst]

Surely not *everything* in your Dropbox folder is private and sensitive? Sure, your Excel spreadsheet with last years' taxes are, but your vacation photos?

For those few files I have that I consider sensitive, I just zip them up with a long/strong password and use encryption. There are a few Android apps that can deal with these zip files, and I know all my desktop OSes can.

You encrypt it yourself

[nedlohs]

So the privacy/etc policy of the provider doesn't matter in the slightest.

Treat it as a world readable file, doing anything else is being retarded.

Use Truecrypt

[Gailin]

Just place a Truecrypt file in Dropbox. Encrypt the heck out of it, and use that for storage and syncing. It doesn't take much longer, and leaves you with a warm and fuzzy secure feeling :) Since Truecrypt runs in portable mode, you can just put the Truecrypt files outside your encrypted storage and access it anywhere you can get web access. I put anything I want to secure in my Truecrypt file, things I don't care about (music, video, some pictures) I just use Dropbox normally.

Focus on RISK, not security

[davide marney]

Dropbox isn't just a "cloud" app; it spans both cloud and local platforms. Every PC you setup with Dropbox is a local backup copy. Even better, you can selectively partition your repository onto different machines. And, Dropbox keeps a rolling history of every file, going back a month.

Dropbox makes your data thoroughly pervasive and robust, with a minimal amount effort. The risk of data loss is much, much greater than the risk of being hacked. How many times have you lost a hard drive? Or accidentally deleted an important file? Or had your computer stolen? These things happen all the time, and they are very debilitating.

We ought to be practical and focus on the real risks we're likely to face. Much as we would like to think we're important enough to be a LulzSec target, the reality is we're all pretty boring, data-wise.

Email

[kikito]

Host an email account on your own server IMAP access, and store files by sending them to yourself. Depending on your client, you can arrange the emails in files/folders/tags.

If you are comfortable with using gmail (probably no, but hey, information is free) you can use GMailfs and mount a http://sr71.net/projects/gmailfs/ [sr71.net] . I haven't used it myself, I don't know if it's any good.

I couldn't find a working "general mailfs" system, which kindof surprises me.

Re:

[jojoba_oil]

Dropbox is perfectly secure if you use TrueCrypt.

Are there Android apps to access first the DropBox account and then decrypt the TrueCrypt inside of it? If not, this option doesn't fully answer the asked question.

Re:

[Black Gold Alchemist]

There should be.

Re:

[siride]

I really hope it's not called "keepass".

Re:

[digitig]

It is called Keepass, and I do the same. All my passwords are in there too, except for 3:

• My dropbox password;
• My Keepass password; and
• My primary email password so I can recover all the other passwords if Dropbox loses my Keepass file.

Re:

[SilasMortimer]

Because it's suggestive in what seems to be an unintentionally hilarious way. "Keeppass" would make more sense for what it does, but personally I like the current, suggestive spelling.

It's like those Payless shoe stores. When I'm forced (usually by a girlfriend) to go into one of those miserable places, I like to spread the misery by being mercilessly annoying and complaining that the shoes are not free and that if that's not what they meant, they should have used two words.

Being a Grammar Nazi doesn'

Re:

[DMUTPeregrine]

There is no TrueCrypt client for Android. There IS a GPG client, so make it Android + GPG. More work than Truecrypt though, since you have to encrypt and decrypt each file. https://code.google.com/p/android-privacy-guard/ [google.com]

Re:

[1karmik1]

This. Just create a truecrypt image on Dropbox and the privacy issues are solved. If there are other problems, like unsupported clients and whatnot like someone mentioned in a comment, then it might be wise to look elsewhere.

Re:

[The MAZZTer]

Does Dropbox only sync parts of a file that have changed? If so this will work, otherwise this will be horrible, especially with a slow upload speed. I might have to try this though.

Re:

[blueg3]

They only sync parts that have changed, with a 4 MB granularity. (That is, files are logically divided into 4 MB chunks, and only chunks that change are synced.)

Re:

[MobileTatsu-NJG]

Will DropBox be able to actually overwrite that 4mb chunk while you still have the image mounted as a drive? If you write something else into that folder while DB is updating couldn't it fail spectacularly?

Re:

[blueg3]

That's an interesting question. I don't know when the sync is triggered. The smart thing for Dropbox to do is wait until the file is closed (that is, the Truecrypt volume is unmounted) before attempting to push updates. Hopefully it would not try to download updates and apply them unless the volume is unmounted -- to do so would be disastrous.

A TrueCrypt container isn't going to handle simultaneous access well at all, which is a distinct shortcoming of this method.

Files locked and backed up

[Comboman]

I believe that the file is locked while updating. This is only really an issue if you are using Dropbox collaboratively (i.e. two people making changes to the same file at the same time), but even then Dropbox saves older revisions of files SVN-style so you can rollback to a previous version if there are problems.

By the way, if anyone doesn't already have a Dropbox account, if you use my referal link [dropbox.com] we can both get an extra 250MB of free storage space.

Re:

[Binestar]

Try AxCrypt. http://www.axantum.com/axcrypt/ [axantum.com] Open Source, AES128. I am not a cryptologist, so I can't vouch for how good it actually *IS*, but I've not been able to find anything other than a vague post on version 1.1 having an implementation bug.

Re:

[MobileTatsu-NJG]

Right, but isn't the whole volume going to have to be synced every time you make a change?

Or are you talking about creating an image for each file?

Re:

[moronoxyd]

See above.
Dropbox only synchs parts of big files that have been changed.

Re:

[jellomizer]

I am concerned about security on a cloud service...
Except for asking them to explain their security to you. I will download a tool without doing any security audit on it. Put it on my PC right under my desk and open a port to the outside world on my firewall. That way I feel a lot safer.

On the whole you are better off with cloud services. The key disadvantage is if it goes down, a lot of people go down too.

Now Cloud isn't perfect for everyone once you reach a critical size it is probably cheaper and for

Re:

[MBGMorden]

Either that, or, to prevent excessive syncing just setup a cron job to run a "touch" on that file at an interval you're comfortable with.

Re:

[MBGMorden]

TrueCrypt would be fucking horrible. You'd waste 4 MB of your data plan every time you changed a bit in the file.

Not everyone is on a capped data plan, nor do they necessarily change the file contents very frequently. I keep things like scans of tax returns and such in such a volume. Those get updated (as you might guess) once per year.

Re:

[Opportunist]

And which one are any good?

That's what bothers me about the "let me google that for you" crowd. Google is a search engine. It is no expert system, and it certainly makes no recommendation based on certain qualities of a product.

Re:

[MobileTatsu-NJG]

Rent a system at rackspace or a similar place; run linux on it?

How do you keep the people that have physical access to your machine from messing with your files?

Re:

[guybrush3pwood]

Rent a system at rackspace or a similar place; run linux on it?

How do you keep the people that have physical access to your machine from messing with your files?

A video camera and an attached shotgun.

Re:

[gstoddart]

How do you keep the people that have physical access to your machine from messing with your files?

Short of heavy-duty crypto ... I think most security falls apart when someone can have physical access to the machine.

And, even then, someone with the resources might be able to get through it if they were determined enough.

You want security, keep your files on your own machine, not in the cloud or on someone else's server.

Re:

[MobileTatsu-NJG]

Short of heavy-duty crypto ...

Short of it? That wasn't even covered in the original post. That was the point.

Re:

[gstoddart]

Short of it? That wasn't even covered in the original post. That was the point.

Except, in the links provided in TFS, DropBox had been asserting that the data was stored securely, and they couldn't look at them if they wanted. Turns out, they can, and if they wanted to (or were compelled to), they could.

So, it was covered in the article, and unless you applied your own crypto to your files, the question about how to protect your files from someone with physical access to the machine boils down to "you can't

Re:

[MobileTatsu-NJG]

...and unless you applied your own crypto to your files...

This is the step I want the answer to.

Re:

[gstoddart]

Try here [cnet.com], or here [techsupportalert.com], or here [all-intern...curity.com], or here [softsea.com].

Every time this topic comes up, people suggest these guys [truecrypt.org]. There used to be PGP, I think it's commercial now, but there's GNU PGP [gnupg.org].

I think any manner of Google searches will tell you how to do this. It's something that's been around for quite some time in various incarnations.

Re:

[MobileTatsu-NJG]

Thanks man!

Re:

[fermion]

Something like this may be the best option for someone that does not want to use Dropbox. More than likely, when and if Apple end iDisk, I will move to a Webdav server at a shared hosting site. Although Rackspace would be the ultimate, it would be rather more expensive than the $99 mobileme. Many shared hosting services has Webdav included, and ample space. Since it is your virtual server, and you are paying for it, there are no ads or third party data mining. There is, of course, risk of random attack

Re:

[MobileTatsu-NJG]

Great, all that's left is to update your server periodically, secure your ftp, and find some sort of auto-syncing functionality.

Re:ftp

[shmlco]

"... all that's left is to update your server periodically..."

Look, you can't have your cake and eat it too. Either someone else hosts the service, does the maintenance, and as such has physical access, or you use your own server, in which you have to do maintenance.

Re:

[MobileTatsu-NJG]

No no no, I'm saying his solution isn't a complete solution. Here's what his answer was like:

I need to get from St. Louis to Los Angeles!

Buy some Michelin tires.

Boy it'd be nice if the people offering solutions were actually aware of what all DropBox does.

Re:

[History's Coming To]

Ubuntu One is very useful, but I'm not sure if it will also work with Windows (Cygwin maybe? Never tried it). As mdragan says though, he wants it running on his own server I think, so it's not what he's after.

To be honest I'd just use an ftp folder and cron jobs for the synchronisation if the data's not particularly sensitive.

Re:

[Abreu]

I access my Ubuntu One files via the web interface on Windows... not very convenient, but it works in a jiffy

Re:

[MBGMorden]

I'm not sure I really see the point if he's trying to avoid the "the cloud". If you want to go the annoying self-hosted route there are certainly things like rsync, but to me that eliminates one of the primary uses of these type of services: an off-site copy of your data. A Dropbox account to me means that if my house burns down I don't lose 10 years worth of family photos and financial documents. No home-spun solution will do that unless you're co-locating off-site.

As has been suggested several times, i

Re:

[shmlco]

I suspect that the best solution is simply to use Dropbox. Files are encrypted on the server, and only certain individuals can access the keys. It also has the widest installed base, and the best mobile app support of any service out there. (Thousands of apps can save, print, or retrieve information from Dropbox.)

I use it, with some sets of folders stored as encrypted disk images, and some files that I need to reference across platforms "printed" and stored as encrypted PDFs with multiple passwords.

As to st