Why I Dropped Dropbox and got OwnCloud(dorktech.com) |
Why I Dropped Dropbox and got OwnCloud(dorktech.com) |
You can get free DropBox space when you buy android tablets and phones. I think between a tablet and a htcone I scored like 500GB's at Dropbox.
Public cloud is not for sensitive data - its for transferring lame documents and media between places. Usually the people who are worried about security for data in public forums usually dont actually have any data anyone wants to steal.
> OwnCloud is basically Dropbox, without the data limits and pricing restrictions.
There's some pretty huge caveats in the above statement from the article.I switched to ownCloud for a while and then switched back to Dropbox. I switched back to Dropbox for a couple reasons.
First, ownCloud is written in PHP and the code (and the plugins you could add on) looked pretty janky. The UI was better than the usual open source fair, but still janky. Second, the trouble of having to worry about maintaining backups[1] for the ownCloud data store and server redundancy made the $10 a month I pay Dropbox look a lot more attractive again.
And finally, a lot of iOS apps integrate with Dropbox specifically. I didn't include this as an official third item, because fuck vendor lock-in, but it is nice to have when you're in a walled-garden environment like iOS.
In the end, I decided that I was better off overall sticking with Dropbox and doing a better job of encrypting particularly-sensitive data that resides there. Dropbox has had some security incidents and stability issues, but they've always responded to them in a manner I would consider sufficient.
I'm paying Dropbox for it's service (SaaS, after all), not it's storage. I'm paying them to worry about keeping things up and running. Not because I can't do it myself, but because I want to devote my limited time to other things.
1. Let me explain. I still do backups on the client side with a mix of Time Machine, CarbonCopyCloner, and tar. So my data's safe.
But I still need to worry about backing up the ownCloud instance, as well. Because if that gets munged up, I can't use ownCloud anymore without reinstalling and reconfiguring it. With Dropbox, they worry about the back end, so that I can focus on other things that I want to focus on.
Some of the 3rd party plugins, such as the Music extension (which was included with ownCloud 5) looks like a security nightmare.
PHP by itself has had some security problems, but combine that with poor programming practices and I avoid it. Again, especially when privacy and security is key. But, I get the impression that you're just here for a PHP battle, so I'll bow out.
The only catch is that you have to run and install OwnCloud on your own server"
Your own server which adds its own data limits and pricing restrictions.
And potential reliability issues too. The storage infrastructure of something like dropbox will (or at least should) be massively redundant to reduce to near-zero the risk of people losing data due to hardware fault.
With something like OwnCloud you need to provide your own live redundancy and backups if your data is important enough to need them.
Having said that I'm looking at using OwnCloud for myself, and might suggest the group I work for use it too if my experiments with it show it to match out needs. But do be aware of what else services like dropbox provide that you need to manage and support yourself when replacing them with an in-house service.
I can't even get it to synch 100MB properly. I'm using ownCloud for about a year now and I run into issues all the time. Simply put a Git repo in your ownCloud folder and it will never stop synching.
That being said, I started using BitTorrentSync which is a peer to peer sync and I am happy with it so far and I am still testing it.
https://web.archive.org/web/20140130215227/http://dorktech.c...
or here:
I went with Ubuntu, 200GB EBS, M1X-large and the latest OwnCloud (6.0.1 stable)
Syncing has been brutal. We have a 100MB connection, and even the few test users I've put on it all are complaining of it not consistently syncing. Additionally there is no LAN Sync like Dropbox, so you're paying for all the bandwidth.
Since i't at somewhere between $250-300 for OwnCloud and it's been working so poorly, the $450/month for Dropbox isn't looking as bad.
It's a shame. There is good potential here, but as others mentioned the UI is really janky, and it doesn't consistently work as expected.
I did like the fact that you can go into linux and find where the files are stored and back them up.
Can't seem to get a cached version either.
I also use dropbox for work stuff that I don't care about from a privacy perspective.
Overall I'm happy with OwnCloud. Sadly they don't have an officially supported OwnCloud package for Synology, but you can have everything I guess.
And I have access to the full 1TB as if the files were local, even on my measly 120G macbook air, since the filesystem is backed by the network. It's kinda cool.
Needless to say, I switched away.
If you just want a solution to sync data with your server use bittorrent sync.
Personally, I use git-annex as my sync server, and all non-local transmissions are done over SSH using public key authentication, which is something that Dropbox will never implement.
If you aren't worrying about petabytes of data, you can run your own scheduled backup, take a copy off site, and test it regularly.
With Dropbox, you're right that they have more overall resources, but you also have no way to audit their processes. Other cloud services have lost people data. If you want to be secure in your data, you need a way to audit those processes, so you would need to do it yourself anyways.
If I know I have a known good backup in a fire resistant box off site, I know I'll have access to that data later. If I have data in Dropbox and then the next day it's gone and they don't return my inquiries, that's a possibility. Maybe they get shut down without warning for hosting copyrighted materials like megaupload. Maybe they have been cutting costs by gambling on the safety of your data. Maybe they get attacked and all of their online backups get destroyed, and they don't have an offline copy.
When I look at Dropbox's backup policy they tell me what is backed up, but they don't tell me how. I just have to trust them. But I really know nothing about them.
1) Dropbox has many thousands of their own servers, alongside the Amazon. It's not like they're just using raw S3 and nothing else.
2) Dropbox has a history of egregious mistakes which they try to sweep under the rug. Only a very silly person would believe that Arash has suddenly decided to be open and honest with the customers.
Remember, when you talk about Dropbox, you're talking about a company that flat-out lied, claiming that they encrypted your data so they couldn't read it, and didn't stop lying until the FTC got involved.
So yeah... when somebody says Dropbox is better than X, I tend to think that person is deluding themselves.
Edit: Bias alert; I work for Dropbox on our infrastructure team. I'm just curious about that particular incident, since it predates me and I'm always curious about these things.
I'll take open source code over proprietary crap any day of the week.
In which case there was no need to remark "because it's written in PHP" other than to appeal to the HN PHP sucks hivemind for upvotes.
> This makes me nervous when part of my mission is privacy.
Then you should not be using Dropbox. At all. At least owncloud is open source. Audit it yourself and patch any security hole you find if you really care about privacy.
> Some of the 3rd party plugins look like a security nightmare.
Disable them if you feel this way.
> PHP by itself has had some security problems, but combine that with poor programming practices and I avoid it
PHP has problems sure, but so does every language. I assume you're referring to owncloud (re. poor programming) as opposed to PHP as whole. Perhaps it is true, but at least with owncloud you have the option of fixing problems you notice, a luxury the closed source binary alternative does not offer you.
This was changed to simply say that they are encrypted after this FTC complaint was filed: http://www.wired.com/images_blogs/threatlevel/2011/05/dropbo...
Luckily for them (and unluckily for consumers) they got away with that particular lie during the early years where it was most valuable.
There's also a fundamental problem that Arash doesn't understand security. This was clear after the incident where no password was required in order to login.
Arash claimed that this was only a problem if you were one of the unlucky few who was actually hacked. He didn't understand that a risk exposure is also a serious problem, even if you happen to dodge the bullet on that particular incident. In fact, he seemed to get quite angry with paying customers who were upset by it because in his mind you don't have the right to be even slightly bothered by a major screw-up unless you were affected that time.
I understand that at this point Dropbox is huge, so it's full of people like you who don't have anything to do with the customer-hostile bullshit that the founders did... but it's still impossible to trust anything you guys do. After all, when the CTO is untrustworthy, only a very, very naive person would trust the product as a whole.
With the sterling reliability of the average residential ISP... For what it is worth, home runing is a viable option for many uses: I do run a server or two at home myself but important things are out in external DCs too.
> Everyone has an old computer with more storage space than you can ever afford from Dropbox
For transfers maybe, but are your really trusting an ancient box of parts long out of warranty with your long term storage?
> "Maintenance" is a bad criticism.
It isn't criticism (as it "this is bad and it is their fault because of how they've designed the product"), it is a perfectly valid concern when considering whether to run a service for yourself or pay someone else to do it for you.
> Use some stable distro and run apt-get update && apt-get upgrade once every couple of months
Remind me never to employ you as a sysadmin! There is (potentially) a lot more to it than that. what about setting up backups, monitoring those backups and testing those backups? What about connectivity: if you home connection goes down of you have a hardware failure while you are mobile who is going to fix it? If there is a fault with your physical line how long is it going to take to get people out to fix that?
You might not find those issues to be relevant to your (storage of and) access to your data, but to some people they are vitally important and need considering.
I'm actually planning to test an OwnCloud install for myself and family & friends, it looks like the feature set covers out needs quite nicely if it works well enough, but I can assure you I'm giving the above things all due consideration and I don't consider it "bad criticism" to do so (for my own data at least: friends and family will be told the service is free to use at their own risk!). I may even suggest we run an instance at work if my experiments with it go well, as we could use such a service but the nature of some of our data means that we can't trust it to 3rd party services.
No one ever said a DIY solution was going to be as reliable as a proprietary service, just that the relatively low risk is worth it for your freedom. I personally would never use Dropbox since they don't open source their technology.
This is the one that always gets me. Failure becomes more likely over time. You just dumped your faith in a more failure prone box.
Weird definition of everyone, even in the HN reading crowd. Lot's of twenty-somethings have moved several times in a short amount of time, and tend to ditch the cruft. I know I did.