-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Built-in synchronization #819
Comments
Adding to the discussion: The protocol used for Sync should be
As protocol, WebDAV comes to mind. It sure has issues but is well known and established in the open source community. Downsides are the high complexity of the protocol (afaik). Perhaps there are better alternatives. For Sync, not only a file transmission / storage access protocol is needed, but also a sync protocol, that compares files. Here we can perhaps learn a lot from Syncthing. In case Sync screws up, there should be an option for automatic backups. |
Hi! May be you don't have to develop sync by yourself and just look at Seafile integration for selfhosted solution. Seafile does already support markdown edititing and preview, has git-like engine with version control support and it very mature and stable. May be you just can provide an integration mechanism with it. That way you can also free your resource to make Notable more mature and powerful and concentrate forces on mobile apps. And may be to add more features to desktop apps like alarm or notification by time. Please consider to look at Seafile. P.S: You are doing nice job and the excellent product! |
@oleksalab I'll check it out 👍 |
In my opinion you don't need a build in synchronization solution. All this is already done by Syncthing. It's open-source, encrypted and peer-to-peer which makes it secure and private. I would recommend to mention this way of synchronization in the documentation as the recommended way to go. Personally I think that notes are such a private thing, that it's worth for every user to deal with solutions like Syncthing, even if it is an additional tool to install. I use for example the android client, mac client and the docker version for my server to sync my notes. Works like a charm. :) |
Eventually this app will become usable by regular people too, and they can be asked to set-up Syncthing on their own. I'll surely take a look at how Syncthing works though. |
The APP is really excellent, and if you are going to add the syncing function, webdav is a wonderful choise. Thanks for your effort by the way. |
I use Notable because of it's simplicity and the ability to use my own sync (Nextcloud, personally). Synchronization is a big can of worms which for a small project will very likely distract from the core features of the app, so tread waters carefully. If you do decide for sure to do this, at least make it optional. |
@NuSkooler It can be a can of worms but it's important to make the project long-term sustainable. It will be opt-in, available behind a subscription actually. |
Hope WebDAV supported. |
Security? How do I know you're not reading everything I note? A build in solution which just does the syncing and which cannot be disabled can't be good |
@nickbe the built-in solution will be opt-in and to be paid for. Security-wise I'm thinking end-to-end encryption is the way to go. |
Updates on this issue? |
@fabiospampinato I think you misunderstand me here.... I'm talking about the risk of you reading everything we store on your servers.... not about transport encryption. |
End-to-end encryption doesn't mean TLS, data in the server would be stored in an encrypted form and I won't have the decryption key. |
But basically this is also something that involves trust, isn't it |
@nickbe What do you mean, are you planning on making your own computer and operating system from dirt or something? Unless you plan on doing that you'll have to have some trust on the people making the apps you are using, or the people making the operating system you use, or the people making the processors everything you do runs on. |
@fabio: If you think you can trust people....look around.... and think again. Read the daily reportss about data theft, misuse of servers, services and so on. Our servers are attacked 24/7 - we block dozens of IPs every day. In our line of business - security comes first - then curiosity. We support many projects, with work and/or money. But we always ask questions. This might seem uncomfortable and uncommon for you - but the criminal intend or stupidity of people we encounter everyday is proove that I'm right in what I do. Asking questions is probably the best thing we humans can do. It's a way to survive and to evolve. |
I hear you, that's why the cloud offering will be end-to-end encrypted, if that doesn't sound good enough to you as I said unless you build your own computers from dirt that opinion is useless. |
You can keep the source OSS so the end-to-end can be reviewed and still have a business model if you want to sell SaaS syncing. E2E is something you'll want peer reviewed if you want trust. |
@NuSkooler How do you suggest to get the actual code that runs on the server to get peer reviewed? Should I give access to every person asking to review it? |
What you would actually need is a complete client side JS encryption that can be reviewed by anyone. That way we could check and confirm that whatever reaches a server is already highly encrypted with the users password and cannot be decoded without his keys. |
@nickbe If one really wants to the current bundles can be unpacked and inspected (and really that must be done when questioning trust, it doesn't matter what the code somebody publishes is if the shipped one could be totally different), of course production code is not development code so don't expect comments and stuff. Also there's always the devtools available, which can be used to inspect network requests, of course network request can also be intercepted a lower level too, which would make sense to do since trust in the app would be the thing being questioned. |
@fabiospampinato If you do it correctly you don't need to release the server side implementation. A review of the client side will reveal if the data can or cannot be accessed server side / by anyone but the account / key material owners. |
@fabiospampinato Exactly. |
I might have missed it, but has automatic syncing to a git repo been considered? I would love to just point Notable at a private repo on my Github |
@icorbrey Considered and dismissed.
You can just do it, you don't need the app to do anything in order for you to be able to do that, there are scrips like git-sync that makes this easy. |
why not use git servers as a way to store, sync and restore files it already has the versioning controls for the other feature build in |
did not saw you comment I agree. |
Any update on this feature? |
Synchronization support should be built-in, in order to make it easier to use. It will enabled better mobile apps and other features.
The text was updated successfully, but these errors were encountered: