funkify

Everything posted by funkify

  1. Is this all still supposed to be true? I'm using 1.4.106 Beta on Linux. In my Options > Preferences > Advanced, I have no link, checkbox, or field for "peer_expirations_days" or "More options" or anything of the like.
  2. This is by far the biggest reason I'd like to see this open sourced. I want the security vetted by the community. The concept of there being better / more security for an enterprise version makes me anxious. Unless you mean something DRMish, there shouldn't be any real security present in one version and not the other. There are ways to license it so they can still make a buck, and make their code readable. It's all for the sake of good security. In fact, I'd wager they would make more money doing this, since people would trust the security more, making it more popular.
  3. Just upgraded from 1.1.48 to 1.1.70 on Linux. I LOVE that the main preferences tab has a new tab for Authorization, but as far as I can tell, I think it could use a little work:

     Especially since the Password field shows only masked chars, there should be a 'confirm password' field too. It doesn't bother me, since I can copy a password in from lastpass, but I'd imagine fat fingers are a problem for a lot of people.

     When coming back to the webui, and logging in, I would prefer a login via a modal window, or really anything else in the same browser window, as opposed to a new browser window. Using a new browser window can be annoying if you want to close the original browser tab / window, and it also is unclear which original viewport the new window is related to, which is a problem if you are on a LAN and trying to access multiple webguis at the same time.

     Whether or not there are any restrictions for passwords, this should be stated. On one machine I experimented with a 20 char password with special chars. Now when I copy the password back in, it doesn't work. Too many chars? Can't handle special chars? Or red herring and something else is wrong?

     By the way, I'm not quite sure what to do about this to fix the problem, which brings me to... some way to do a password reset. Maybe I just need to delete some config file (if I have access to the .sync dir, I would think I had permission to reset this), but there should be a way to do this, and instructions shouldn't be too hard to find.

     Even if it's a bit rough around the edges, thank you for implementing this feature!

     Edit: I did reset my password. I made a config file, set the password to nothing (empty string: "") and restarted btsync, then set a new password in the webui. I assumed this was more secure, since the password would be hashed, and the hash would be stored. After doing this, I checked. A grep showed the plaintext password in the sync.log file. So I guess that's another thing I'd like changed. The plaintext password shouldn't be stored, and instead a salted and hashed password should be used. It is only protecting the ui though (I think) so maybe it's not that big of a deal. The new and old passwords are also listed in the log separated by ampersands, so that (though not definitive) leads me to believe special chars in pwds are not allowed.
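
The two points raised in the last post (keep only a salted hash of the UI password, and keep password values out of the log) sketched in Python as an added example; this is not code from the original post or from the product. The field names and the sample log line are constructed assumptions, since the page does not show the real log format.

```python
import hashlib
import hmac
import os
from urllib.parse import parse_qsl, urlencode

# Hypothetical field names: the page only says the old and new passwords
# appear in the log "separated by ampersands".
SENSITIVE = {"password", "old_password", "new_password"}

# Constructed sample of an ampersand-separated request line. The password
# "p&ss=w0rd!" is percent-encoded so its own '&' and '=' survive parsing.
SAMPLE = "action=setcred&old_password=&new_password=p%26ss%3Dw0rd%21&user=admin"


def hash_password(password, salt=None, iterations=200_000):
    """Return (salt, digest). Only these two values need to be stored."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations
    )
    return salt, digest


def verify_password(password, salt, expected):
    """Recompute the digest with the stored salt; compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


def redact_query(query):
    """Mask sensitive values in a key=value&key=value string before logging."""
    pairs = parse_qsl(query, keep_blank_values=True)
    return urlencode(
        [(k, "REDACTED" if k in SENSITIVE else v) for k, v in pairs]
    )


if __name__ == "__main__":
    submitted = dict(parse_qsl(SAMPLE, keep_blank_values=True))["new_password"]
    salt, digest = hash_password(submitted)
    print("stored:", salt.hex(), digest.hex())
    print("login ok:", verify_password("p&ss=w0rd!", salt, digest))
    print("log line:", redact_query(SAMPLE))
```

Because the password is hashed as bytes after decoding, its length and special characters do not matter to storage; only the transport encoding has to preserve them.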