Join 3,418 readers in helping fund MetaFilter (Hide)


Dropbox
October 24, 2011 2:39 PM   Subscribe

How Dropbox said "No" to Steve Jobs and lived happily ever after. (So far.)
posted by Trurl (110 comments total) 16 users marked this as a favorite

 
HTC just announced a new partnership with Dropbox that gives all HTC users 5GB of free storage. That would make me happy.
posted by KokuRyu at 2:42 PM on October 24, 2011 [2 favorites]


Given how the launch of iCloud has gone thus far, I am soooooooooo happy they didn't sell.
posted by middleclasstool at 2:45 PM on October 24, 2011 [7 favorites]


If he can get Adam Smith out for late-night drinks, I'm not surprised his business is doing OK.
And I'd be a user if it wasn't blocked in China, boo
posted by Abiezer at 2:47 PM on October 24, 2011 [1 favorite]


Tell a lie, it's back!
posted by Abiezer at 2:48 PM on October 24, 2011


Well, I like Dropbox in large part because it works with Linux. But I've got to admit that Jobs is probably right, in the long run it's a feature not a product.
posted by sotonohito at 2:48 PM on October 24, 2011 [9 favorites]


HTC just announced a new partnership with Dropbox that gives all HTC users 5GB of free storage. That would make me happy.

Really! I was planning to switch from my HTC phone to a Samsung phone in a few months, will the 5gb follow me?
posted by kafziel at 2:50 PM on October 24, 2011


Box.net's limited time offer of 50 GB lifetime free storage for iOS signups is still running.

All that space is nice. But it's still not Dropbox.
posted by Trurl at 2:53 PM on October 24, 2011 [4 favorites]


I think anyone can sign up for 2 GB of free storage. If you want an invite code memail me. You get an extra 250mb of space (and so do I).

I love dropbox, but I would never use it for anything secure.
posted by cjorgensen at 2:54 PM on October 24, 2011 [4 favorites]


Anybody can push an update with a bug. Once Dropbox found the security hole they patched it five minutes later. The next day they told the world exactly what happened, and what the exposure was.

That looks like a company that takes security pretty seriously, to me.
posted by FfejL at 3:02 PM on October 24, 2011 [24 favorites]


Last month Houston spent an evening with Mark Zuckerberg plotting ways to collaborate over generous portions of bison meat (the Facebook cofounder is eating only what he kills this year).

You heard it here first; Zuckerberg is literally eating privacy.
posted by wcfields at 3:03 PM on October 24, 2011 [21 favorites]


Yeah, that little security issue kinda sours the milk.

Still, I use DB often with clients as long as the data is not sensitive and the client knows the caveats. I also clear the box out religiously (even while the job is going on) to minimize any issues. I never actually work out of the local DB folder. It is just a transfer point. I am sure there is someone who could get to my stuff, but it is not like I a doing data cleanups on nuclear launch codes.

Interesting article though. Nice to see there is still some room for upstarts that have an idea and can deliver a decent product.
posted by lampshade at 3:04 PM on October 24, 2011 [1 favorite]


I love dropbox, happily pay a subscription for it, recommend it to others all the time, but he should have sold to apple (or microsoft). Storage is a commodity and tends towards free over time. Once icloud gets it shit together, i'm probably getting rid of drop box since it's better integrated with OSX, etc... and there's nothing to make it hard for me to leave.
posted by empath at 3:13 PM on October 24, 2011 [3 favorites]


A nice tribute to what Dropbox does is "Dumbing Down the Cloud".
posted by Trurl at 3:14 PM on October 24, 2011 [1 favorite]


Steve jobs didn't invent it the incandescent lamp, he made it just work.

I like Dropbox, but I am worried about their future. I too think it is a feature not a product. If their goal is to simply be a platform agnostic cloud storage options it might not work. I can see them cutting a deal to get included in windows though, "Windows 8 with Dropbox" would save Microsoft from trying to roll their own and having their effort untimely rejected by consumers.
posted by Ad hominem at 3:14 PM on October 24, 2011 [2 favorites]


Well, they have Skydrive for that...
posted by Artw at 3:16 PM on October 24, 2011 [4 favorites]


4 billion is a pretty big valuation for a firm who's pretty dependent on S3 for survival. Their worst case scenario is what, 50 petabytes of storage they're on the hook for?

I guess if you're investing in dropbox, you're assuming that at some point, amazon pulls the plug on you and suddenly you convert a fraction of the non-paying customers into paying, and dump the rest?
posted by pwnguin at 3:18 PM on October 24, 2011


I like Dropbox as well, but He-Who-Shall-Not-Be-Named-Lest-Certain-People-Fly-Into-A-Rage was right about it being a feature. Still, I would hate for it to lose its platform agnosticism. Probably the best thing that could happen for both the people at Dropbox and the user would be acquisition by another platform agnostic company like Amazon or Google. (Although their mobile platforms could be problematic in regards to that.)
posted by entropicamericana at 3:20 PM on October 24, 2011 [3 favorites]


[A few comments removed, please do not take out your personal topical frustrations on unrelated threads.]
posted by cortex at 3:24 PM on October 24, 2011


I'm afraid dropbox's security model is fundamentally unsound, FfejL. Ditto iCloud. Almost all these services use transport layer encryption with zero or worthless storage encryption. If you store your bank details in Dropbox, iCloud, etc. then a disgruntled employee easily take that information.

Wuala has a slightly better security model that's acceptable for unique information, but potentially introduces cryptographic weaknesses too.

In all case, there is a real possibility that the MafIAA walks in with a warrant for all the names of users possessing some particular movie file or whatever, although Wuala being Swiss makes that harder.

If you want some baseline level of security, then you must encrypt your data yourself before giving it up. I'll suspect Dropbox makes efforts to circumvent this, btw. There are of course real encrypted storage systems that do this for you, like Tahoe-LAFS or just simply duplicity, git, git annes, etc. with gpg configured.
posted by jeffburdges at 3:29 PM on October 24, 2011 [3 favorites]


Here's the thing with dropbox - it works just great as is.

Sure, bring it to more platforms, make the web UI more usable, optimize it and so on.

But with the kind of investments Dropbox has been getting from VCs I would have to assume Dropbox is under pressure to make big changes to their platform. I'm fearful of Dropbox bolting on stupid features that no one cares about and ruining a good thing.
posted by schwa at 3:29 PM on October 24, 2011 [3 favorites]


If you want an invite code memail me. You get an extra 250mb of space (and so do I).

Heh. From the article:

So rather than advertise, they turned their small but loyal customer base into salespeople, giving away 250 megabytes of free storage in exchange for a referral. One-quarter of all new customers still come to Dropbox this way.
posted by mediareport at 3:29 PM on October 24, 2011 [2 favorites]


Well, they have Skydrive for that

What kind of traction does that have? I forgot it even existed.

Didn't apple also recently poach one of Yahoo's datacenter guys? Seems a tacit admission they need help in that area.
posted by Ad hominem at 3:30 PM on October 24, 2011 [1 favorite]


What kind of traction does that have? I forgot it even existed.

Pretty much none, thus satisfying the "having their effort untimely rejected by consumers" part.
posted by Artw at 3:31 PM on October 24, 2011 [1 favorite]


Drew Houston... blasted his way onto Apple’s radar screen when he reverse-engineered Apple’s file system so that his startup’s logo, an unfolding box, appeared elegantly tucked inside.

I know what a file system is, I know what reverse engineering is, but that sentence doesn't make any sense to me.
posted by indyz at 3:32 PM on October 24, 2011 [28 favorites]


Almost all these services use transport layer encryption with zero or worthless storage encryption.

Worse than that, Dropbox actually checks to see if someone else uploaded the file before you did so it doesn't store more than one copy of the same file.
posted by empath at 3:32 PM on October 24, 2011


Good for them.
posted by ZeusHumms at 3:35 PM on October 24, 2011


Worse than that, Dropbox actually checks to see if someone else uploaded the file before you did so it doesn't store more than one copy of the same file.

Please explain how that is bad.
posted by entropicamericana at 3:36 PM on October 24, 2011


Pretty much none, thus satisfying the "having their effort untimely rejected by consumers" part.

Figured. That should have been "ultimately rejected by consumers" autocomplete should go by what I mean, not what I type dammit.

Please explain how that is bad

It is possible, if you have the checksum, to download a file you never uploaded.
posted by Ad hominem at 3:37 PM on October 24, 2011 [2 favorites]


Please explain how that is bad.

It means you can probe whether someone (anywhere) has put up a file by uploading it yourself and monitoring the upload time.
posted by kenko at 3:37 PM on October 24, 2011 [1 favorite]


Here's the thing with dropbox - it works just great as is.

It really is just kind of quietly perfect for my needs. I know that it has some issues, but for me, it does just what I need, no more, no less.

I'd hate to see it change significantly in any way.
posted by quin at 3:40 PM on October 24, 2011 [1 favorite]


I suspect I could corrupt a file in such a way that the checksums are the same as when it was uncorrupted.

I uploads corrupt file, checksums go into DB. You upload uncorrupted file, checks the DB and sees I uploaded it already. You just lost your file.
posted by Ad hominem at 3:42 PM on October 24, 2011 [1 favorite]


Is that likely or common?
posted by Artw at 3:43 PM on October 24, 2011 [2 favorites]


No it would have to be specially crafted, I don't know what hashing algorithm they use but CRC32 and MD5 are both subject to collision attacks.
posted by Ad hominem at 3:46 PM on October 24, 2011 [1 favorite]


Artw, the likeliness of someone who wants to poison dropbox's deduped file cache being able to do so depends on the cryptographic status of the hashing algorithm they use. If the hashing algorithm is broken, the cache is easy to poison.
posted by Fraxas at 3:46 PM on October 24, 2011


(for somewhat unorthodox values of 'easy', of course).
posted by Fraxas at 3:47 PM on October 24, 2011


entropicamericana: "Please explain how that is bad."

It means their API cannot encrypt your data on their end, and at some future date they may start charging you if you do it on your end, it if it means dedupe rates fall.
posted by pwnguin at 3:47 PM on October 24, 2011 [2 favorites]


I'm in a rush but don't want to misstate things. CRC32 isn't a hashing algorithm but a checksum algorithm. There are collision resistant checksum algorithms out there though.
posted by Ad hominem at 3:48 PM on October 24, 2011 [1 favorite]


Ad hominem: "No it would have to be specially crafted, I don't know what hashing algorithm they use but CRC32 and MD5 are both subject to collision attacks"

IIRC, the current MD5 collision against a given plaintext requires double the input size. Since blocks are all the same size, I don't think you can break it.

Yet.
posted by pwnguin at 3:50 PM on October 24, 2011


I love Dropbox and use it for so many things. My favorite feature is that I can upload a file to "Public" folder, post the link, and then update with new versions later and keep the same link. That sounds basic but most places you would upload files (besides an actual webhosting account or server) fail at this.

My only quibble is that the "syncing/public link" functionality is kind of at cross-purposes. Unless I'm missing something, I can't elect to sync only certain folders. So I can't automatically sync my account on a computer unless I want to download onto my HD stuff like the 800GB file of one of my movies I posted in "public" for people to download.
posted by drjimmy11 at 3:52 PM on October 24, 2011


Why deduplication might be a problem.

I guess it depends on how much contraband material you're storing on dropbox and how paranoid you are about it. I don't use it for anything more illegal than bootleg remixes, so I'm not overly concerned about it.
posted by empath at 3:52 PM on October 24, 2011 [2 favorites]


My only quibble is that the "syncing/public link" functionality is kind of at cross-purposes

My main quibble is that you can't just share a folder publically. And also that when you share with other people, all your shares count against everyone's total, which is kind of silly.
posted by empath at 3:53 PM on October 24, 2011 [1 favorite]


All these services do exactly that, empath, indeed that's how they offer the service so cheaply, presumably their merge engine even exploits this. And the real problem with this practice should be obvious : a fairly low level DropBox, Apple, M$, etc. employee can easily access anyone's data.

Wuala has a slightly more clever solution : They encrypt the file using it's own SHA. In theory, there is no way for a Wuala employee to access your files because they know only the encrypted file's SHA, not the original SHA with which it was encrypted. Yet, any two identical files encrypt identically, meaning Wuala need store only one copy for everybody. In practice, there might be cryptographic weaknesses introduced by this process, but whatever.

In fact, dropship's source code says they use sha256, ad hominem, which ain't yet vulnerable to rainbow table attacks, well otherwise the copyright police might surely begin attacking these services.
posted by jeffburdges at 3:54 PM on October 24, 2011


My movie was 800MB. 800GB would really be a problem.
posted by drjimmy11 at 4:00 PM on October 24, 2011


drjimmy11, under Preferences -> advanced you can choose which folders to sync. The first few versions did not have that option though.

I think Dropbox works so well because it is cross-platform, and it is trivial to share folders with other users, irrespective of OS. It's hard to imagine Mac doing this in such a way that PCs can share folders. And because they have such a large and quickly growing market share, the network effects make it ever more valuable to those who use it.
posted by a womble is an active kind of sloth at 4:00 PM on October 24, 2011 [2 favorites]


Thanks, womble!
posted by drjimmy11 at 4:02 PM on October 24, 2011


In all case, there is a real possibility that the MafIAA walks in with a warrant for all the names of users possessing some particular movie file or whatever, although Wuala being Swiss makes that harder.

There is actually no sound way to give what you want, without seriously compromising the feature set that dropbox has. User side encryption requires that there can be no website access, unless you do something easily as stupid, like Javascript or web plugin based encryption.

Also, I find it odd that people are complaining about the security of a service that requires the installation of a closed source program that has rights to all the damn files on your drive and runs as a service. You already lost the game. Wuala's the same. Without the source, it could be easily sending the SHA hashes up to the server.

Really, if you want the equivalent to dropbox to be totally secure from the party you're hosting, you'd need open source software, client side encryption, no web access.

What would really kill dropbox, from a money and security perspective, would be if someone came up with a slick fuse interface directly to s3, complete with configurable transports and storage encryption. Complete with ports to all of the OS's. Even the best interfaces to s3 have all the usability of ws_ftp. Transmit is the closest, and even that was annoying to use and set up. Given the progress of slick and easy to use interfaces for client side email encryption, I'm not holding my breath.
posted by zabuni at 4:05 PM on October 24, 2011 [3 favorites]


Do the RIAA or MPAA care at all about Dropbox? That is, there were plenty of fine products that synced files across your computers before Dropbox, but Dropbox was the first to make it super easy to share with other people. (Actually, Box.net is just as easy, I think.)

But yeah, no matter which way, they gotta sell.

My main quibble is that you can't just share a folder publically.

I don't follow. Do you mean that you have to send someone a link, i.e. it's not publically indexed and people can't browse to it? Cuz I think you can share with anyone.

Unless I'm missing something, I can't elect to sync only certain folders.

You're missing something, specifically Preferences > Advanced > Selective Sync. It only works folder by folder, but it works.

Otherwise there would be porn on my work computer!
posted by mrgrimm at 4:06 PM on October 24, 2011 [2 favorites]


Also, if you use a Wordpress-hosted blog like I do, I can't recommend enough putting your images and stuff on a Dropbox public folder and bypassing their nightmarish media upload process.
posted by drjimmy11 at 4:07 PM on October 24, 2011 [1 favorite]


You're missing something, specifically Preferences > Advanced > Selective Sync. It only works folder by folder, but it works.

Yeah, as womble said apparently I need to download a newer version of the software.
posted by drjimmy11 at 4:08 PM on October 24, 2011


There are various fuse interfaces to S3, zabuni, presumably most integrate gpg, but maybe not easily. If you need version control like git anyways, then configuring gpg isn't much more difficult.

I've grown interested in really anonymous cloud storage lately. You could provide this using an untraceable digital currency system : A coin issuer issues you blind signed coins in exchange for money, viewing ads, etc. You further blind the coin using a couple blinding broker's public keys. You redeem said coins with a service provider, such as a hosting provider. Your service provider redeems the coins with the blinding broker. And finally the blinding broker unblinds them and redeems them with the issuer. There should ideally be multiple companies providing each service in multiple countries, meaning you can use a Swiss broker, a Singapore issuer, and an American hosting provider. Yes, all these electronic middlemen take their cut, of course, but the resulting transaction becomes difficult to trace, although law enforcement could trace the transaction through the various countries rather easily when it pertained to stuff that's really illegal everywhere, like child porn.
posted by jeffburdges at 4:27 PM on October 24, 2011 [1 favorite]


"User side encryption requires that there can be no website access, unless you do something easily as stupid, like Javascript or web plugin based encryption."
Wait. What? I use a service for work here that does full client-side encryption and there's still web access. The entire decryption engine runs in javascript. The only thing I can't do is a server-side search based on file contents. Whee. It doesn't make the system 100% fool-proof, but it's much farther along the spectrum of security than DropBox.

There's plenty of reasonable middle ground. A lot of security-conscious people object to DropBox because they took one extreme.
posted by introp at 4:29 PM on October 24, 2011


I like Dropbox, and I like that they are platform agnostic, which is something we aren't going to see from Apple or Microsoft, but as others have said I don't quite understand them being "Tech's hottest startup" when for 99% of people their service will be replaced by something like icloud or skydrive or whatever is built in to their OS, and the others can get identical service from one of several competitors (I myself keep meaning to swap over to one that allows me to sync any folder on my phone rather than just the Dropbox, admittedly a feature that most don't care about).
posted by markr at 4:33 PM on October 24, 2011



The entire decryption engine runs in javascript.

Note the unless you do something easily as stupid part.

So you're cool with running arbitrary code from a vendor to encrypt your content? I know you can read it. You did audit the code right? And run hashes on it to make sure they don't change to rot13 when you aren't looking? And there's no side channel uploading of the content unecrypted? Or the key?

There's plenty of reasonable middle ground.

A security system is only as trustworthy as it's weakest link. You trust them a little, you've still trusted them.

There are various fuse interfaces to S3, zabuni, presumably most integrate gpg, but maybe not easily.

But they're ugly and hard to use, and aren't cross platform. It's almost the exact same problem as PGP email encryption, getting people to use the damn thing. It'd look something like encrypted git with fuse support. And if you did it right, it would be the coolest thing on earth, and pretty easily hosted.
posted by zabuni at 4:37 PM on October 24, 2011


I should add that if this is actually installed and run on your own servers, you'd only be trusting cross channel exposure, which would be easier to check on, and block. And if it is installed on your server, do they have a website to purchase it at? It might be useful for projects I work on.
posted by zabuni at 5:05 PM on October 24, 2011


Did Dropbox improve their uptime since last year? I was mildly appalled last year when I found out that some people hosted their websites on Dropbox at the same time I calculated that they had one day of downtime every 3 months.
posted by ZeusHumms at 5:12 PM on October 24, 2011


So you're cool with running arbitrary code from a vendor to encrypt your content? I know you can read it. You did audit the code right? And run hashes on it to make sure they don't change to rot13 when you aren't looking? And there's no side channel uploading of the content unecrypted? Or the key?
We audited the code because we wrote it. (And, yes, we actually have someone whose actually sane about security on staff.) The same rules, however, would apply to a third-party solution: Mozilla's signtool to bundle a signed jar which validates the signature of the JavaScript code that you're running. We're the ones doing the signing (and only our key is permanently approved for code exec on these machines) which, if this were a third-party service, we could still do on their JS. They'd likely charge us money for the annoyance of hosting one extra file for us, but its not like it would cost the server anything.

Web access on an untrusted machine is, of course, a no-no, but that's why there are multiple tiers of security and other authentication factors like phones.

Again, I'm not saying DropBox had to go to the Nth degree to provide security for their product. I simply object to the fact that they chose the far insecure side of the spectrum. I have no problem with places like SpiderOak, a fine DropBox replacement: encryption is all client-side but if you REALLY want to, you can access things on the web. At that moment you trust them, but they at least make best-effort to never swap the web-supplied key to disk, keep it in memory any longer than they have to, they limit server access to the smallest number of employees they can, etc. SOME effort. Security is Hard, but that doesn't give us a pass to not even try.
posted by introp at 5:13 PM on October 24, 2011 [3 favorites]


The security issue is solvable, for various level of ease, by truecrypt. I dislike trusting a 3rd party for really important stuff anyway: tax and mortgage docs, for example. Even were Dropbox "perfectly secure", I'd still want a second layer I control.

It makes a great cross-platform "network share" though. It's brainlessly easy to use and works equally well on Windows, Linux, BB and Android, in my experience. I assume it works great on the MacOS and iOs as well. Truecrypt is an extra click and a password entry, not a huge burden. My preferred password keeper works transparently with it. DB is almost magical compared with the old backup and restore I used to do---sign in and there you are.

I think agnosticism and commitment to being vendor neutral is going to keep it out of reach of the big vendors for a while. MS or Apple are going to have a hard time beating it.
posted by bonehead at 5:16 PM on October 24, 2011 [5 favorites]


I love dropbox, but I would never use it for anything secure.

Why wouldn't one just sign up for a BayFiles account? That's from The Pirate Bay folks, who aren't exactly known to cow-tow to the U.S. government, MPAA or RIAA or anyone, really.
posted by Civil_Disobedient at 5:24 PM on October 24, 2011


Did Dropbox improve their uptime since last year? I was mildly appalled last year when I found out that some people hosted their websites on Dropbox at the same time I calculated that they had one day of downtime every 3 months.

Dropbox uses Amazon S3 for their storage. Amazon had an outage, and it likely affected both Dropbox and your identified websites.
posted by pwnguin at 5:44 PM on October 24, 2011


Well, they have Skydrive for that...

In many ways, Skydrive is way cooler than Dropbox, but it's tough to get others to use it.
posted by KokuRyu at 6:00 PM on October 24, 2011 [2 favorites]


Well, I like Dropbox in large part because it works with Linux. But I've got to admit that Jobs is probably right, in the long run it's a feature not a product.
The problem with calling it a "feature not a product" is that it's a feature of something and not anything else. I mean I'm guessing you can't use iCloud with Linux, can you?
I guess if you're investing in dropbox, you're assuming that at some point, amazon pulls the plug on you and suddenly you convert a fraction of the non-paying customers into paying, and dump the rest?
In which case Amazon would be pulling the plug on themselves as well. I mean, if they did that no one would trust EC2 for critical business apps. Dropbox is paying the rates that Amazon asks for, which is like 10 cents per gigabyte per month, and they even have a 'free tier' now so you don't even have to pay if you don't have much data.
So rather than advertise, they turned their small but loyal customer base into salespeople, giving away 250 megabytes of free storage in exchange for a referral. One-quarter of all new customers still come to Dropbox this way.
Yeah given the prices on S3, you're getting 30 cents per year of free service.
Drew Houston... blasted his way onto Apple’s radar screen when he reverse-engineered Apple’s file system so that his startup’s logo, an unfolding box, appeared elegantly tucked inside.
I know what a file system is, I know what reverse engineering is, but that sentence doesn't make any sense to me.
Yeah... I read the article earlier and had no idea what they were talk talking about. I assumed they meant the startup screen?
I suspect I could corrupt a file in such a way that the checksums are the same as when it was uncorrupted.
Really? You think you can break SHA256? Seems... unlikely.

But the dedup thing is problematic overall. The RIAA could upload their own copy of a movie, and if it gets dedup'd then they could supena dropbox for the names of everyone with the file, or whatever.
Wait. What? I use a service for work here that does full client-side encryption and there's still web access. The entire decryption engine runs in javascript. The only thing I can't do is a server-side search based on file contents. Whee. It doesn't make the system 100% fool-proof, but it's much farther along the spectrum of security than DropBox.
Client side crypto is hypothetically bad because you can change the JavaScript on someone and then get their data if you control the server. But if you don't encrypt the data on the server anyway, then, of course, this doesn't matter because you can get the data anyway. So client side JS is more secure then simply leaving the files unencrypted.
So you're cool with running arbitrary code from a vendor to encrypt your content? I know you can read it. You did audit the code right? And run hashes on it to make sure they don't change to rot13 when you aren't looking? And there's no side channel uploading of the content unecrypted? Or the key?
That doesn't make it worse then leaving the data unencrypted.
posted by delmoi at 6:09 PM on October 24, 2011 [1 favorite]


bonehead: "It makes a great cross-platform "network share" though. It's brainlessly easy to use and works equally well on Windows, Linux, BB and Android, in my experience."

One thing I've always wondered is: why did webDAV never take off? I've still got graphic designer idiots asking for FTP, and software architects posting on their blog about how great dropbox is. WebDAV seems like it should be perfect: widely supported on major desktops, and HTTP based to sneak through annoying firewalls, and has easily available crypto.

But apparently the window has passed, and a quick search today suggests that Win7 suppports it poorly.
posted by pwnguin at 6:32 PM on October 24, 2011 [2 favorites]


Interestingly, many iOS apps support Dropbox. I can get files into GoodReader easily through a local file copy operation without having to use iTunes, which is more than I can say for iBooks.
posted by JHarris at 6:36 PM on October 24, 2011 [3 favorites]


The problem with webDAV was twofold: network speed was not high enough to support an IP based filesystem, and secondly the implementation SUCKED DONKEY BALLS on many platforms. Mac OS, for example, would freeze the Finder while trying to mount a webDAV volume. Dropbox works mostly because it keeps a local copy of the files so network speed/offline access is never an issue. Apple tried to do the same thing with (webDAV-based) iDisk but my God it was a nightmarish failure from beginning to end.
posted by unSane at 7:03 PM on October 24, 2011


The RIAA could upload their own copy of a movie

So if I add three seconds of random noise to the end of the movie, or clip the end credits, is it the same file?
posted by maxwelton at 7:03 PM on October 24, 2011


is it the same file?

Since you don't have the right to make derivative works, the point is moot.

Moot!
posted by Trurl at 7:32 PM on October 24, 2011 [2 favorites]


One thing I've always wondered is: why did webDAV never take off? I've still got graphic designer idiots asking for FTP, and software architects posting on their blog about how great dropbox is. WebDAV seems like it should be perfect: widely supported on major desktops, and HTTP based to sneak through annoying firewalls, and has easily available crypto.
Well, FTP, and now SCP work without any configuration. Actually these days I mostly use SCP to transfer files to servers that I'm running because it basically requires zero effort. WebDAV on the other hand, would mean spending a lot of time trying to configure Apache in order to get... what exactly? The ability to upload files, which I already have?

FTP usually isn't supported out of the box anymore, so it would require more work.

But even if you're using WebDAV you still have to setup your own server. With something like S3 or dropbox you don't. I wish someone would create an easy-to-use server UI that made it simple for people to run their own server, and run their own 'personal cloud' systems but unfortunately there's nothing like that, and setting up your own server isn't easy.

Anyway, a $4 billion valuation for DropBox seems insane. I mean, it's just a wrapper on top of S3. If they had their own data centers with their own hard drives, it might make sense.
So if I add three seconds of random noise to the end of the movie, or clip the end credits, is it the same file?
Uh, no. But if you download a movie off a public bittorent or something like that, then the RIAA will be able to download that same file themselves.
posted by delmoi at 7:36 PM on October 24, 2011


Issac Hall is the founder of another synchronizing system that you have never heard of and whose website makes me sad. He posted a really interesting answer on Quora about why Dropbox succeeded and synchcity did not. I guess he thought better of it because what is there now is pretty anodyne. However, brad delong's obsessive cutting and pasting an entire post he finds interesting rather than just linking comes in handy. (second comment, btw).
posted by shothotbot at 7:43 PM on October 24, 2011


He posted a really interesting answer on Quora about why Dropbox succeeded and synchcity did not.

I was about to say "Because 'SynchCity' is a really lame name" but actually the name was "Syncplicity". Which is still bad. But not as bad.
posted by delmoi at 8:06 PM on October 24, 2011


I’m going to have to agree with Mr. Jobs on this one. And they should have sold it. Isn’t that the whole point of starting something like this?

Dropbox is just not something that fits my needs. I signed up months ago because someone wanted to do it that way. That was the one and only time I’ve used it. Apparently for certain people it’s a godsend, but I don’t get it. But what do I know, I still use FTP. When something similar is built into OS X maybe I’ll figure out a use for it.
posted by bongo_x at 8:34 PM on October 24, 2011


Isn’t that the whole point of starting something like this?

Some people, amazingly, actually like to continue owning the business they created, and are happier doing so than they think they'll be after selling out.

Shocking, I know.
posted by mediareport at 8:41 PM on October 24, 2011 [5 favorites]


Certainly seemed to blow Jobs's mind.
posted by kafziel at 8:46 PM on October 24, 2011


He posted a really interesting answer on Quora about why Dropbox succeeded and synchcity did not.

Money quote [emphasis added]:

In the end, it really came down to one incredibly genius idea: Dropbox limited its feature set on purpose. It had one folder and that folder always synced without any issues -- it was magic.
posted by Trurl at 8:50 PM on October 24, 2011


In the end, it really came down to one incredibly genius idea: Dropbox limited its feature set on purpose. It had one folder and that folder always synced without any issues -- it was magic.

That's actually an interface issue. Being able to do more things is better, but being able to expose those things to a user in an intuitive way is hard.
posted by JHarris at 8:58 PM on October 24, 2011


Dropbox limited its feature set on purpose.

Sounds like another famous company.
posted by justgary at 9:07 PM on October 24, 2011 [2 favorites]


can this become a troubleshooting thread for iCloud? i've been looking for one all day.
posted by acyeager at 9:20 PM on October 24, 2011


Sometimes minimalism's too simple.
posted by kenko at 9:39 PM on October 24, 2011 [2 favorites]


Money quote from that:
Also — and this is something that the Quora answer completely underplays — Dropbox is quite technically sophisticated. It’s not just rsync on a minute cron, you know. It’s hooking into filesystem interrupts to notice when stuff changes in the synced folder, and doing it natively on every major OS. It’s got quiet but powerful ways of dealing with versioning conflicts. It’s also doing all of this with a high degree of polish (I mean: Growl notifications, c’mon). Plus it’s smart enough to do things like notice when it needs to sync within a LAN instead of over the net, avoiding complexities you might not have considered like NAT traversal. It’s not that it’s so simple; it’s actually a very sophisticated execution. It’s just that those parts aren’t necessarily visible (and no, many of its competitors were not as clever).
posted by kenko at 9:39 PM on October 24, 2011


Is drop box really just reselling s3?
posted by empath at 9:52 PM on October 24, 2011


Maybe the winning play for Dropbox is to repackage themselves as a software kit that ISP's could implement to provide Dropbox features everywhere, instead of having the mix of FTP and web-based file uploads/downloads that exist now.
posted by ZeusHumms at 10:21 PM on October 24, 2011 [1 favorite]


I've had that thing happen. Talking to a VC who tells me "it's a feature not a product" when this "feature" took many hours to get right. And that "big picture" that they rely on isn't bottom-up... it's based on some "what may happen" vision that isn't directly tied to what can actually happen. Because, you know, most of the money people who can't code worth shit have no real idea of what is actually possible.

All the big new dotcoms are features. Facebook helps you communicate with friends. Google helps you search. Twitter lets you send little dinky messages, for chrissake. All of these are "features", right? Features of some big-ass new product that will become the model-T of the information superhighway.

I don't believe it for a second. It's actually hard to make these little "features" work right and if you get it right you really do have something worth hanging onto for a while. Innovation from the bottom replaces top-down venture capital.
posted by twoleftfeet at 10:28 PM on October 24, 2011


>Isn’t that the whole point of starting something like this?

Some people, amazingly, actually like to continue owning the business they created, and are happier doing so than they think they'll be after selling out.<

I guess what I’m saying is I don’t see how they have a long term future. Where do they go from here? How long is it viable until someone comes out with something that makes it obsolete, and then what? It seems like the move would be to build it up and sell it to someone who can integrate it into a bigger system.
posted by bongo_x at 10:41 PM on October 24, 2011


How long is it viable until someone comes out with something that makes it obsolete, and then what?

My point is that it's probably not as easy to do this as you might think. I haven't tried to develop online file storage to the same degree. It seems pretty easy to copy, but I don't know the real complexities, and I can definitely see that there could be real complexities. The idea seems simple enough, but there could be landmines during execution. Somebody who has actually done this would have a much better idea than I do.

Online file storage is the future. We're all going to live in the cloud soon. If it seems like somebody is running away with that future then they're going to get a ridiculously high valuation, and it might be justified.
posted by twoleftfeet at 10:55 PM on October 24, 2011


I guess what I’m saying is I don’t see how they have a long term future.

Two years ago open sourcers were desperate to come up with self-hosting alternatives at LinuxConfAu2010 and none of them came up with anything remotely easy-to-use and cross platform. iCloud might be great if you're totally locked-in to the Apple containment field, but is basically useless one you want to mix and match.

DropBox is really, really slick and easy to use, and it works with most anything you want to use. I don't think people quite grasp how hard that is.
posted by rodgerd at 12:00 AM on October 25, 2011 [6 favorites]


In many ways, Skydrive is way cooler than Dropbox, but it's tough to get others to use it.

Not least because cross-platform support seems kind of ropey and hack-y, in a bad way.

Also, DropBox has a network effect going for it now.
posted by rodgerd at 12:13 AM on October 25, 2011 [1 favorite]


In many ways, Skydrive is way cooler than Dropbox, but it's tough to get others to use it.

And dropbox does iOS/Android/etc stuff. My primary use of it is just getting stuff onto my iPad while avoiding iTunes.
posted by Chekhovian at 12:29 AM on October 25, 2011 [3 favorites]


Dropbox works fine, but it seems like anyone who wanted to could make something comparable.
posted by snofoam at 12:36 AM on October 25, 2011


If you have a Windows PC or a Mac there's also SugarSync. They also have IOS/Android/Symbian/Blackberry clients and they give away 5GB for free.
posted by davar at 1:41 AM on October 25, 2011


For those concerned about security, encfs works beautifully with Dropbox - it's a FUSE filesystem that encrypts your stuff on a file-by-file basis. Works on Linux, OS X out of the box - on Windows you need an app called (I think) BoxCrypt.
posted by jack_mo at 2:09 AM on October 25, 2011 [1 favorite]


Dropbox works fine, but it seems like anyone who wanted to could make something comparable.

And yet they haven't. Maybe it's not that easy, after all.
posted by rodgerd at 2:42 AM on October 25, 2011 [3 favorites]


Being able to do more things is better, but...

No.

From the last comment at the "Sometimes minimalism's too simple" link [emphasis added]:

DropBox’s strength is that it delivers a user experience that’s so simple the user doesn’t have to think about it.

From "Dumbing Down the Cloud" [emphasis added]:

The magic of Dropbox is that it doesn’t ask you to think about what you do. You care about one thing: do I have access to the most recent version of my files? And with Dropbox, yes, you do. ... When I’m using Word, I keeping seeing Word, and I don’t see what I should be seeing, which is what I am writing. When I’m using Dropbox, I don’t even know that I’m using it because it is designed be transparent.

The reason Simplenote wasn't ruined by adding tagging - a change feared by not a few of its users - is that, as one writer put it, if you didn't use the new feature, you wouldn't notice it was there.

I am confident that the Simplenote team took pains to make sure of that.
posted by Trurl at 3:18 AM on October 25, 2011 [1 favorite]



The reason Simplenote wasn't ruined by adding tagging - a change feared by not a few of its users - is that, as one writer put it, if you didn't use the new feature, you wouldn't notice it was there.
I am confident that the Simplenote team took pains to make sure of that.


Then it's an interface issue, like I said. Evidently Simplenote found an interface for tagging that could be ignored if you didn't want to tag something. That doesn't mean they were wrong for adding tagging, but that they were right for keeping it unobtrusive.

>>Dropbox works fine, but it seems like anyone who wanted to could make something comparable.
And yet they haven't. Maybe it's not that easy, after all.


Um, someone mentioned box.net upthread.
posted by JHarris at 4:27 AM on October 25, 2011


Drew Houston... blasted his way onto Apple’s radar screen when he reverse-engineered Apple’s file system so that his startup’s logo, an unfolding box, appeared elegantly tucked inside.

I know what a file system is, I know what reverse engineering is, but that sentence doesn't make any sense to me.


indyz, your problem is that you know what those words mean. But they weren't written by someone with that knowledge; they were written by a journalist.

Here, let me translate:

Drew Houston... got Apple to notice him when he decided to use an animated icon as his startup’s logo, an unfolding box, that was very similar to the image used by the file manager of Apple’s OS. Fortunately, Apple did not sue him out of existence for trademark infringement.
posted by IAmBroom at 5:29 AM on October 25, 2011


someone mentioned box.net upthread

Yep, that was me. And my point was that it doesn't out-compete Dropbox despite offering 25x as much free space because I have to think - albeit not very hard - about how to use it.
posted by Trurl at 5:40 AM on October 25, 2011


If the privacy issues bug you, and you have a server, you can use ownCloud instead.
posted by LogicalDash at 5:46 AM on October 25, 2011 [1 favorite]


Oh, apparently encrypting your Dropbox folder on the filesystem level works just fine.
posted by LogicalDash at 5:50 AM on October 25, 2011 [1 favorite]


Do any of these dropbox encryption solutions work truly cross platform? Can I access my truecrypt files easily on my android, for instance?
posted by Thoth at 5:59 AM on October 25, 2011


My only quibble is that the "syncing/public link" functionality is kind of at cross-purposes. Unless I'm missing something, I can't elect to sync only certain folders. So I can't automatically sync my account on a computer unless I want to download onto my HD stuff like the 800GB file of one of my movies I posted in "public" for people to download.

While you can do this with dropbox selective sync, you can't pick arbitrary folders from your computer to cloud sync; they all have to be under the dropbox folder.

This is why I switched to sugarsync. They have a very nice cross-platform client that puts a 'magic briefcase' folder in your documents folder that works the same as dropbox, i.e. all pcs/macs get synced with that. However, you can also sync arbitrary folders outside that folder too. If you sync from just one computer, it's effectively a backup to cloud; if you sync multiple pcs to that folder, then it works like a parallel briefcase folder, and you can sync as many or few pcs as you want to that (each using whichever local path you want), while keeping your briefcase universal. You can obviously have multiple syncs with different stuff from different places.

I use it to keep my minecraft folder (in %appdata% on windows, library/application support on osx) in sync between an osx and a windows pc for example, along with some other game saves in their default locations. You can also backup say, your photos and music to cloud, without having to faff about choosing which machines do and don't get them in the main folder.

The android client lets you specify which, if any, folders get synced to the local storage. I have an android folder in my briefcase, and any files that go in there automagically sync to my phone sd card, but nothing else. It also auto-backups photos if you want, and you can stream music from any pc running sugarsync even if the music isn't synced to cloud.

There's also web access of course, and public folders - you can declare any folder, in the briefcase or otherwise a public folder with access control and/or read/write access, or you can use the provided folder which is web-only, i.e. not synced to your pcs.

Finally, you get 5GB free (+750MB for completing the tutorial), and its cheaper than dropbox for more. They're doing a 50% sale at that moment.

If you use a referral code, you (and the person that referred you) get an extra 500MB free, or you both get 10GB if you buy a paid plan. Referral code available via mefi mail if you like.

Not paid by them, BTW. Just after trying out a number of alternatives (after wuala dropped the free-trading) I've found sugarsync to be really good, but dropbox is the one getting all the press. Between sugarsync, evernote, lastpass, gmail/calendar/contacts and my steam folder on another drive, I can basically zap my computers at any point, do an upgrade and fresh install + visit to ninite.com (or fresh install lion) or have a hard-drive failure and all my stuff is available without having to sod about with restoring anything.
posted by ArkhanJG at 6:36 AM on October 25, 2011 [2 favorites]


If you use encryption with DropBox or iCloud, you'll lose their history and merge resolution features.
posted by jeffburdges at 6:53 AM on October 25, 2011


No, I'm pretty sure the history will still work. Dropbox can still see when the file has changed; otherwise it wouldn't know whether to upload.
posted by LogicalDash at 7:09 AM on October 25, 2011


box.net reviews of their synch client
posted by cjorgensen at 7:51 AM on October 25, 2011


You cannot pack deltas of encrypted data, otherwise your clearly vulnerable to differential crypto-analysis. Yes, you may store the entire file multiple times, but they won't keep nearly as many revisions that way. And I'd assume they keep zero revisions if a single encrypted filesystem occupies over half your dropbox.
posted by jeffburdges at 8:03 AM on October 25, 2011


IAmBroom: Drew Houston... got Apple to notice him when he decided to use an animated icon as his startup’s logo, an unfolding box, that was very similar to the image used by the file manager of Apple’s OS. Fortunately, Apple did not sue him out of existence for trademark infringement.

Of course! It's so simple. The icons are basically identical! Look for yourself

New to trolling Apple users are we?

I think the thing Apple was curious over was how Dropbox managed to "badge" Finder icons with their "synced"/"syncing" badges. I poked around when Dropbox first came out on the Mac and it looked liked they were injecting their code into the Finder's Quartz rendering code. It was a pretty neat hack - especially considering Apple doesn't provide an API for applications to do this.

Pretty sure the technique they were using isn't possible today so I'm curious how they're doing it.

posted by schwa at 8:53 AM on October 25, 2011



Ubuntu also provides a 5 GB free cloud storage - Ubuntu one.

So far, I've been happier with it than with Dropbox; the client is far less obnoxious and obtrusive. Similar to dropbox, encryption via encfs is supported.
posted by Pogo_Fuzzybutt at 9:13 AM on October 25, 2011


Well, the big selling points of Dropbox for me are -

I run an old Mac, two Linux boxes, and a Windows instance. If I need to move a file around, I just drop it in the Dropbox folder and boom, there it is. Nothing super private, usually just an ebook or such, but...

I also like the link idea. I noticed a lot of Linux projects were using Dropbox for resource files, and, recently, I needed to share a largish file with a smart, but not too geeky, friend out of state, so, I sync'd it and sent her the link. She downloaded it and all was well. I also did something similar with a large error capture file and a software vendor recently since it was so easy. I just had to ask they confirm file receipt so I could remove the file from the space when done.

Soooooo, nthing the wise for web providers to do something like this. I am working on a site for my dad and it would be SOOOOOO nice to make a change, save the file, and BOOSH site updated.
posted by Samizdata at 11:26 AM on October 25, 2011


With 3 kids in school, 2 working parents, and somewhere in the neighborhood of 5 computers of various flavors floating around the house, having everybody's school projects available on any computer they pick up (version controlled and BACKED UP!!!) via Dropbox is a godsend. Honestly, just as good for me as a never empty basket of fish and bread.

No more "Have you seen my flash drive?"
No more "I have to use the macbook because I was working on my paper on it and now he's using it just to play stupid internet games!"
No more "Sugar Honey Iced Tea! I stuck the flash drive in the computer and it tells me I need to format it! Why is it saying that to me? This computer sucks! Why can't this just work!"

Now all I have to do is explain why Publisher doesn't exist on the mac...
posted by ElGuapo at 11:55 AM on October 25, 2011


Just thought I'd mention that there is absolutely nothing stopping you from PGP-ing your Dropbox files.

In fact, I seem to remember the Dropbox guys mentioning PGP as "the thing to use if you put things on the internet that you don't want other people to see" after the deduplication fiasco.

If you want to encrypt your dropbox, then, goshdarnit, you're more than welcome to encrypt your dropbox using whatever means you see fit.
posted by schmod at 9:42 PM on October 25, 2011


If you want to encrypt your dropbox, then, goshdarnit, you're more than welcome to encrypt your dropbox using whatever means you see fit.

Sure, but this will completely fuck up dedup. I wonder if there is a point at which duplication ratios fall to where they toss up their hands and start charging you based on utilization.
posted by pwnguin at 7:09 AM on October 26, 2011


I doubt they'd charge more for non-deduplicated data, penguin, more they'd rather charge everybody separately when they deduplicate data, although that might change if someone starts offering discounts on deduplicated data.

There are various problems with the absence of client-side encryption in DropBox, iCloud, etc., including :

- Adding encryption weakens their merge resolution, which presumably they handle server side, which increases the chance that their merge resolution corrupts data.

- An encrypted filesystem quickly exhaust the free space inside your quota that holds the document history functionality.

- Encrypted individual files become more exposed and vulnerable to traffic analysis, i.e. either "oh, I'll copy this guy's bankdetails.zip in case his password ever surfaces on the internet somehow" or "hey, this activist has the same encrypted file as this bank's VP, I wonder if the bank will buy that information".

I've been extremely vocal about cloud based systems lacking encryption because they represent a fundamentally greater level of access to personal information. You should not however trust closed source encryption software with anything terribly important either though.
posted by jeffburdges at 9:58 AM on October 26, 2011


While you can do this with dropbox selective sync, you can't pick arbitrary folders from your computer to cloud sync; they all have to be under the dropbox folder.

Actually that has been an option for as long as I can remember in Dropbox. I sync some folders outside my Dropbox folder by creating symlinks and it works great. I also selectively encrypt some files by making some sparse disk images and encrypting them with AES-256 in Disk Utility.
posted by ridogi at 7:59 PM on October 26, 2011 [1 favorite]


« Older With almost 2,000 posts, I Heart My Art has a deep...  |  "Long ago Occidental man acqui... Newer »


This thread has been archived and is closed to new comments