Tyler Muth’s Blog

Technology with a focus on Oracle, Application Express and Linux

Dropbox for Servers

Posted by Tyler Muth on September 29, 2011

I love dropbox. Let me say that again: I love dropbox! I’ve been using it for well over a year now and it’s the best file synchronizing / sharing service I’ve found (and I’m certainly not alone in that opinion). I use it on my laptop, my home desktop, my home server, my iPhone, my iPad, and with selective-sync, on my wife’s laptop. All of my important files (up to 50 GB worth which is what I pay for) are synced between all of those places all of the time. I don’t send 20 MB email attachments (which completely annoys me), I send links to download from dropbox. The list goes on and I’m now on a bit of a tangent.

Sever Use Case

I work on a lot of shared servers, such as for POVs (proof of value, benchmark) and most of them are Linux-based (I also sometimes use Amazon EC2 instances to teach APEX Classes). I found myself spending a lot of time transferring files to and from the server such as SQL scripts, AWR reports, SQL Monitoring reports, etc via scp (sometimes rsync). I didn’t want to setup my dropbox account on the server as well since it has all of my personal files too. Then I had a bit of an epiphany(and I’m sure I’m not the first one to think of this):

  1. Create a 2nd, free dropbox account (2 GB of free space)
  2. Setup that account on the linux server using the CLI version of dropbox located here. Dropbox has a formal, supported Linux client, but there were a number of package dependencies and specific versions that were more challenging to work around than it was worth.
  3. Share a folder between my primary dropbox account and my 2nd dropbox account.
Since all my secondary dropbox account will see are the folders I share with it, anyone else that happens to be on the server won’t have access to my personal files. Whatever files I add to that folder on my laptop will almost instantly show up on the server and vice versa.

Security Caveat

Having co-authored a book on security (“Applied Oracle Security“), it’s clearly one of my primary interests. While dropbox does encrypt your files when stored on it’s server and does use TLS to encrypt them on the network, and they have policies and internal controls in place to prevent their own employees from decrypting them without authorization, it’s still possible. They store and can access the encryption keys. If the government compels them to decrypt your files, they can and will. So, if you’re storing your tax records or corporate intellectual property, I strongly encourage you to use some form of client-side encryption. Personally, I use a truecrypt file (which I mount as a disk) for super-sensitive stuff within dropbox. Actually, my whole dropbox folder sits on a truecrypt volume (50 GB) which prevents someone that steals my laptop from getting to all of my files, but this does nothing to stop dropbox employees from accessing them. I then create small (1-30 MB) truecrypt files / volumes within dropbox to encrypt anything that is super-sensitive before it leaves my laptop. So, my layers are Big Truecrypt Volume > Dropbox Folder > Little truecrypt volumes for any sensitive files.

5 Responses to “Dropbox for Servers”

  1. Brian said

    I love Dropbox as well and use it daily. I have used Truecrypt before, but not with Dropbox.

    Isn’t it a pain having to mount and dismount Truecrypt files all the time? You can’t access a Truecrypt file from more than one location, which makes the “seamless” syncing offered by Dropbox a bit cumbersome, since you always have to mount and unmount volumes before they can be synced and accessed on another device.

    For example, if I’m in a hurry and need to quickly shut down my laptop, I have to remember to unmount my Truecrypt files before I shutdown.

    Are there easier ways around this? Or am I making this a bigger deal than it needs to be?

    • Brian,
      an easier way is to use one of the many dropbox alternatives out there where you have full control over the encryption key(s). This comes with the downside that there’s usually no browser access, but on the other hand you have truecrypt-like functionality built in.
      Make up your mind with this list of alternatives: http://alternativeto.net/software/dropbox/

      Personally, I do use dropbox a lot for anything where security is not so relevant. In Europe, Strato and Wuala are good options for end-to-end-encryption, but your mileage may vary.

  2. Several people with migraine headache episodes are usually unaware that will his or her diet plan can be a adding take into account triggering such episodes. Migraine headache sufferers react by 50 percent …dr. simeons hcg diet

  3. Lan said

    Why people still make use of to read news papers when in this
    technological globe all is presented on web?

  4. very good

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: