BT Cloud Sync

[jtroth]

BTSync is a really high quality product and I thoroughly enjoy using it. You guys are great; thanks for all your work.

Over the past couple weekends, I've put together a site that gives me public access to my sync folders. Did this for a couple reasons.....

1. My computers are seldom on at the same time (when I go to work, my laptop goes to sleep, when I come back home, my work computer gets disconnected from the internet, phone has limited space), and I needed an 'always online' node.

2. I wanted read/write access to my shares without having to sync on the local device.

3. I'd like to start experimenting with some RSS type feature (subscribe to feeds with shares).....needed a testing playground and this had some overlap.

https://www.btcloudsync.com

I'm waiting with bated breath for encrypted nodes so I can approach these requirements from a TNO perspective.....but looks like we're a few weeks away from that happening. In the meantime.....feel free to use this if it suits your needs.

[rusl]

Wow. This is awesome. I just tried it and it's great. I have some questions, of course.

So I gave your site a read-only secret to a test folder I created and I notice that your site joins my shared folder straight away. It appears to have synched my folder pretty much as soon as I gave your site the secret. I just placed a simple example.txt file in there for testing. So you then have a copy of my example.txt file on your server....

So you've created a web front-end which provides access to the file-system on your server, basically?

This is *exactly* what I wanted to achieve but I'm not a programmer or particularly handy with servers/Linux.

What measures are in place to protect any random person from stumbling onto my shared folder? It appears that if I don't use the optional "name" then it is just the shared secret added onto the domain name. If I use the optional "name" field then the URL is even easier. Is it possible for these addresses to be scraped by a bot/crawler? Is there a robust mechanism in place to prevent directory listings. Silly question but as a newbie I don't know how these things work. Have you thought about creating a folder name and password which can be used to access the folder - the idea being that a shorter password is easier to remember than typing in the long shared secret?

I've asked in the wishlist thread for web access to the file system for individual downloads and here you've just solved it.

Good work. Are you planning to commercialise / open source / keep it to yourself ? (Edit: hint: I'd love to run my own instance of this on my VPS!)

Edit 2: So I just removed my shared folder from my BTSync client and it remains on your server. How long do you plan to keep the contents of a removed shared folder before you consider it abandonned? Maybe you should specify to the users something like: "Your client must synch with this server at least once a week or your folder will be deleted". Just a thought..

[jtroth]

What measures are in place to protect any random person from stumbling onto my shared folder? Is it possible for these addresses to be scraped by a bot/crawler? Is there a robust mechanism in place to prevent directory listings.

Yes, I have designed the site to prevent enumeration of shared secrets and the shares' 'nicknames.' This is done with OS level permissions. I've tried to keep things as simple as possible; there is no database so no vector for sql injection. Both the BTSync process (which owns everyone's files) and the web server are given very limited access, so even if someone could get code from their shares to execute on the server, they wouldn't be able to do much (and I've also protected against remote code execution). The weak link is the BTSync process......but these guys seem like they know their stuff and I'm not too worried.

Have you thought about creating a folder name and password which can be used to access the folder - the idea being that a shorter password is easier to remember than typing in the long shared secret?

I've thought about it, but it's tough to implement without a database. Databases add complexity and another attack vector, but it's something that I'll consider for the future. Thanks for the input.

Good work. Are you planning to commercialise / open source / keep it to yourself ? (Edit: hint: I'd love to run my own instance of this on my VPS!)

I was actually thinking of releasing a docker image; it will give me a good excuse to play around with docker But yea, I'll put the source out there one of these days if you're interested.

How long do you plan to keep the contents of a removed shared folder before you consider it abandonned?

Until I run out of disk space. I don't know, I'll have to make a policy decision before this becomes an issue, but it's luckily not an issue now. I have a cron job that auto removes egregious disk hogs, but that's the extent of it right now. I'll be putting a 'remove' button on the directory list page sometime this week.

Glad you can get some use out of the site.

[MRACHINI]

Nice

oh also u can basically host a small site on it

[LazyWolf]

One thing I would recommend would to use AppArmor to harden the btsync process a bit.

[jtroth]

I've made some improvements to this, and have added a more feature rich file manager.  My favorite feature is that you can now edit and save text files from the web if you've entered a full-access key.  File creation/uploading will probably come in the next few days.

 

Demo:

https://www.btcloudsync.com/a-mixed-bag

 

[HugoZippy]

If someone just wants to replicate the function of dropbox to drop files in folder and get a sharinglink for them "in the cloud" then u could try pydio (formerly known as ajaxplorer). free & open source.
 

this in combination with the possibility of adding bittorrentsync-keys as presented by the threadstarter would be superior. (maybe make a fork of ajaxplorer?)

[tjarra]

This is a great extention to BT Sync. Hope you continue good work!

[albertramsbottom]

Why don't you get a raspberry Pi and stuck in a 32GB USB Stick and configure it to be a Bittorrent sync server and leave it on forever, its only 5 watts so wont even be noticeable on your elec bill. Every time you connect to the internet anywhere in the world, your devices sync

[FTBoomer]

Very Cool,  Is there a way to revoke permissions or remove a folder?

 

Disregard,  just created a new shared code

Edited November 14, 2013 by FTBoomer

[JamesTuttle]

 

I've made some improvements to this, and have added a more feature rich file manager.  My favorite feature is that you can now edit and save text files from the web if you've entered a full-access key.  File creation/uploading will probably come in the next few days.

 

Demo:

https://www.btcloudsync.com/a-mixed-bag

 

Jtroth-  This is very cool functionality!  I would like to ask you a few questions about this relating to a request from one of our clients.  Could you please contact me when you have a minute?  

 

Thanks!

James Tuttle
612-564-2545
James@MyStorageHouse.com

[willjasen]

Something I've created relevant to this thread, a roll-your-own btsync in the cloud: http://forum.bittorrent.com/topic/33342-sync-in-the-cloud/