willjasen

Members
  • Posts

    15

Contact Methods

  • Website URL
    http://willjasen.com

Profile Information

  • Gender
    Male
  • Location
    Johnson City, TN
  • Interests
    artificial general intelligence, the Internet and networking, emergence, the quantified self, consciousness, transparency, and the future of everything

  1. You may have seen other posts on the forum regarding rainstash, but after 5+ years of development and tweaking, I feel that it's in a place that it can be distributed as a version 1.0. If you're interested in running Sync securely in the Amazon cloud, check it out! https://github.com/willjasen/rainstash/releases/tag/v1.0
  2. rainstash was initially developed before Resilio Sync had the encrypted folder key feature, so the design was to store the Sync program and its data on a software encrypted volume (LUKS) in order to store data as securely as possible. Because the design decision was to not store the encrypted passphrase, the encrypted volume has no way to be unlocked upon restart of the instance, at least in an easy manner. AWS has a calculator that can be used to estimate monthly costs for an instance. The majority of this cost is assumed to be the size of the volume that stores the Sync data. The most recent change to rainstash was to use standard magnetic drives in order to store this data as it is the cheapest cost per GB. The calculator can be found here: https://calculator.s3.amazonaws.com/index.html
  3. Somewhat easy to use and developed by myself - host your own in the Amazon cloud. https://github.com/willjasen/rainstash
  4. It's been a while since I've posted, but I believe the latest updates I've made to rainstash make it as secure as it can be. The template now only accepts encrypted folder keys by default, as well as still storing this data on an encrypted volume. Still free to good homes! https://github.com/willjasen/rainstash
  5. I'm having this same issue as well. I've been able to have it work before but not any more. I've even tried binding sync to the Thunderbolt bridge interface (bridge0) but still nothing. Did anything come of the support ticket?
  6. Can someone clarify this a little more? I set up an owner/read-only peer pair, revoked all permissions for the read-only, but the read-only still has a cache of already downloaded files. One might expect it to revoke permissions and clear the cache.
  7. That's what I mean though.. I get that BitTorrent Sync is using the private IP addresses of both networks (let's say 10.0.0.0/24 is one and 192.168.0.0/24 is another) but that assumes the networks are close together. In this case, they are separate networks, only joined together via VPN. Just pointing out a case in which Sync is making an incorrect assumption that leaves no workaround other than to tear down the VPN..
  8. In an environment that I'm running BitTorrent Sync in, there are two separate networks connected via VPN over a WAN. I've set the sending limit on all clients to 128 KB/sec, but it never takes effect due to Sync thinking that the networks are together on a LAN. While there is an advanced setting to limit traffic even for LAN clients, this isn't suitable because I want the maximum transfer speed on each actual LAN while maintaining the transfer limit between the separate networks. Is there another way that achieves both goals?
  9. I'm not completely up-to-date with tweaking BTSync 2.0 but I have created an automated deployment template for Amazon CloudFormation for BTSync 1.4. In that version, its SSL settings are determined by the variables ssl_certificate and ssl_private_key which point to the plaintext certificate and its plaintext private key, respectively. I imagine this same tactic can be used with BTSync 2.0 on Synology. Check out the template at https://github.com/willjasen/rainstash as it may be of some further assistance.
  10. All communication with a rainstash instance is encrypted. Of course, Sync itself communicates securely. The only other processes accessible are SSH and HTTPS, both of which are encrypted. SSH uses an industry minimum standard 2048-bit key per how Amazon creates key pairs. The Sync web interface has been configured to use a 4096-bit key for extra security. It is also recommended that SSH and HTTPS are only available from a trusted IP, minimizing potential abuses. For storage, rainstash uses cryptsetup to create a fully encrypted volume on /dev/xvdf, where the Sync app, synced folders, and Sync's configuration, including the HTTPS public/private key pair, reside so that data is never stored on Amazon’s storage in the clear. The only security issue that I can think of as yet is that the disk encryption password resides in clear text in the RAM allocated to the instance upon its creation and while it is running. It may be possible to retrieve the key while the instance is running through really complicated means like a cold boot attack, but I see the chance in this case as extremely slim - see http://en.wikipedia.org/wiki/Cold_boot_attack. As an aside, I’m glad to hear someone finds rainstash interesting and potentially useful!
  11. Generally, you can wget or curl to retrieve the files from S3, but you'd need to make sure they were available publicly and that's not a good idea for security. I would use the aws cli to retrieve objects from S3 securely using https and IAM authentication. However, as a note, S3 is server-side encryption (when used), meaning Amazon holds the decryption keys. While that makes it very usable, it's less secure than if only the user has the decryption keys. Also see: http://forum.bittorrent.com/topic/33342-sync-in-the-cloud/
  12. As above, I'm not hijacking, but I've created an open source CloudFormation template that achieves a similar goal to the tools mentioned above; it's free to use, will always be open source, and is under your own control. http://forum.bittorrent.com/topic/33342-sync-in-the-cloud/
  13. While usesync.com is no longer in service, a new tool now makes it possible to create your own BitTorrent Sync cloud with very little configuration. http://forum.bittorrent.com/topic/33342-sync-in-the-cloud/
  14. Something I've created relevant to this thread, a roll-your-own btsync in the cloud: http://forum.bittorrent.com/topic/33342-sync-in-the-cloud/
  15. In the marketing of BitTorrent Sync, I detect a shyness away from the cloud, but if Sync is as secure as it claims, utilizing the cloud with Sync shouldn't be a security issue and should provide extra benefits. Enter rainstash, an open source Amazon CloudFormation template to deploy an instance of the latest version of Sync in the Amazon cloud with very little effort. With security in mind, only necessary network services are made available, web traffic is forced to be https (though the self-signed certificate doesn't validate, but that's expected), and a separate disk volume that is encrypted with cryptsetup is used to store Sync data. The upsides? Deploy one instance in the east region and one in the west region for better redundancy, or better yet, deploy five in each and two in Ireland! (I don't know why Ireland, the point is, it's easy to do!) The downsides? It still costs to run an Amazon instance, and the cheapest currently - t2.micro - plus data transfer costs is still around $10 to $15 per month per instance running 24/7 for an average use case. Please feel free to provide questions, comments, and improvements! https://github.com/willjasen/rainstash