willjasen

Members
  • Content Count

    15

About willjasen

  • Rank
    Member

Contact Methods

  • Website URL
    http://willjasen.com

Profile Information

  • Gender
    Male
  • Location
    Johnson City, TN
  • Interests
    artificial general intelligence, the Internet and networking, emergence, the quantified self, consciousness, transparency, and the future of everything

  1. You may have seen other posts on the forum regarding rainstash, but after 5+ years of development and tweaking, I feel that it's in a place that it can be distributed as a version 1.0. If you're interested in running Sync securely in the Amazon cloud, check it out! https://github.com/willjasen/rainstash/releases/tag/v1.0
  2. rainstash was initially developed before Resilio Sync had the encrypted folder key feature, so the design was to store the Sync program and its data on a software-encrypted volume (LUKS) in order to store data as securely as possible. Because the design decision was to not store the encrypted passphrase, the encrypted volume has no way to be unlocked upon restart of the instance, at least in an easy manner. AWS has a calculator that can be used to estimate monthly costs for an instance. The majority of this cost is assumed to be the size of the volume that stores the Sync data. The most
  3. Somewhat easy to use and developed by myself - host your own in the Amazon cloud. https://github.com/willjasen/rainstash
  4. It's been a while since I've posted, but I believe the latest updates I've made to rainstash make it as secure as it can be. The template now only accepts encrypted folder keys by default, and also still stores this data on an encrypted volume. Still free to good homes! https://github.com/willjasen/rainstash
  5. I'm having this same issue as well. I've been able to have it work before but not any more. I've even tried binding sync to the Thunderbolt bridge interface (bridge0) but still nothing. Did anything come of the support ticket?
  6. Can someone clarify this a little more? I set up an owner/read-only peer pair, revoked all permissions for the read-only, but the read-only still has a cache of already downloaded files. One might expect it to revoke permissions and clear the cache.
  7. That's what I mean though.. I get that BitTorrent Sync is using the private IP addresses of both networks (let's say 10.0.0.0/24 is one and 192.168.0.0/24 is another) but that assumes the networks are close together. In this case, they are separate networks, only joined together via VPN. Just pointing out a case in which Sync is making an incorrect assumption that leaves no workaround other than to tear down the VPN..
  8. In an environment that I'm running BitTorrent Sync in, there are two separate networks connected via VPN over a WAN. I've set the sending limit on all clients to 128 KB/sec, but it never takes effect due to Sync thinking that the networks are together on a LAN. While there is an advanced setting to limit traffic even for LAN clients, this isn't suitable because I want the maximum transfer speed on each actual LAN while maintaining the transfer limit between the separate networks. Is there another way that achieves both goals?
  9. I'm not completely up-to-date with tweaking BTSync 2.0 but I have created an automated deployment template for Amazon CloudFormation for BTSync 1.4. In that version, its SSL settings are determined by the variables ssl_certificate and ssl_private_key which point to the plaintext certificate and its plaintext private key, respectively. I imagine this same tactic can be used with BTSync 2.0 on Synology. Check out the template at https://github.com/willjasen/rainstash as it may be of some further assistance.
  10. All communication with a rainstash instance is encrypted. Of course, Sync itself communicates securely. The only other processes accessible are SSH and HTTPS, both of which are encrypted. SSH uses an industry minimum standard 2048-bit key per how Amazon creates key pairs. The Sync web interface has been configured to use a 4096-bit key for extra security. It is also recommended that SSH and HTTPS are only available from a trusted IP, minimizing potential abuses. For storage, rainstash uses cryptsetup to create a fully encrypted volume on /dev/xvdf, where the Sync app, synced folders, and Sync
  11. Generally, you can wget or curl to retrieve the files from S3, but you'd need to make sure they were available publicly and that's not a good idea for security. I would use the aws cli to retrieve objects from S3 securely using https and IAM authentication. However, as a note, S3 encryption is server-side (when used), meaning Amazon holds the decryption keys. While that makes it very usable, it's less secure than if only the user has the decryption keys. Also see: http://forum.bittorrent.com/topic/33342-sync-in-the-cloud/
  12. In the marketing of BitTorrent Sync, I detect a shyness away from the cloud, but if Sync is as secure as it claims, utilizing the cloud with Sync shouldn't be a security issue and should provide extra benefits. Enter rainstash, an open source Amazon CloudFormation template to deploy an instance of the latest version of Sync in the Amazon cloud with very little effort. With security in mind, only necessary network services are made available, web traffic is forced to be https (though the self-signed certificate doesn't validate, but that's expected), and a separate disk volume that is encrypted