You can submit a question to Security Now! at the GRC Feedback Page.
For 16kbps versions, transcripts, and notes (including fixes), visit Steve’s site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.
What are your thoughts about today’s show? We’d love to hear from you!
I’m surprised you haven’t checked out ZeroTier (.com)
Very easy to setup and has clients for just about everything even including my Asus router via Asus Merlin.
Basically i have an always on private network which if i had access to the router where i currently live, i could route it directly (peer to peer) instead of using ZeroTiers cloud as i am at the moment.
It’s also very handy when i’m out and about as i can SSH in, RDP in etc etc.
100 clients on the free tier - i have 7:
2 Linux Mint PCs
2 Macs
2 iPhones
1 Asus Router (edit: in repeater mode)
And you can also configure up more than one network, invite people to join, and also configure public networks too.
cool. Feel free to ping me if you have any questions as i’ve been using it now for about 8 months and basically you set up your network public or private (i chose private for probably obvious reasons) through their web interface. Then you “join” your clients through the client software on Mac, Linux, Windows, iOS, Android etc etc and authorise them through the web interface.
You can also invite someone to join your private network for whatever reason, authorise them, and then when they have finished you uncheck the box and they no longer have access. This can also been done on the CLI.
I’ve also installed No Machine on the Linux servers (PCs) i have and i can RDP into them from my rMBP via ZeroTier even if i use a VPN whilst on my local cafe’s WiFi. It’s brilliant !! Typically i just SSH in to do any maintenance etc but you get the idea.
edit: i sound like a sales rep hehe, but just a satisfied customer. I still can’t get over the 100 clients and multiple networks allowed on the free tier !!
Haven’t finished the episode yet but on the topic of sync I wish there would be a way to sync the Google Photos on the cloud to the disk. It used to be possible but Google removed such sync with Google Drive. Ugh…
Steve reviewed the security features of sync.com, But he didn’t mention how it performed. I have an SMB and with 5-10 people editing within a shared folder it can get bogged down. We use Resilio Sync for that now and it keeps the 45GB of shared data synced well, but more importantly, the sync happen almost instantaneously. I remember performance being an issue why Steve started using Dropbox in the first place. I guess I’ll need to do a trial run of sync.com in the office to see. We need the shared folders.
In case you don’t know, this is what BitTorrent Sync grew into. Accordingly, it would be peer to peer. So it might be faster to sync amongst your employees if they’re all in the same location on the same network, as it wouldn’t need to send up to the cloud only to pull it back down again.
Good show, thank you. The privacy policies of the online storage providers Steve mentioned was enlightening - wow! If I understand correctly, a provider may be sharing information about me based on what I have in my cloud drive. Scary.
I had Dropbox limit (virtually shut down) my account because I tried to share a link to a licensed file with my partner. I have not used Dropbox since.
I would weigh in on Resilio Sync too. I have been using it for years (free version) and was really looking forward to Steve’s promised review of their security and privacy brief here.
Sure it’s proprietary and they don’t give us all the technical details, but the brief reads pretty clearly and as long as they’re not outright lying to us, it seems securely designed. Data transfer is peer to peer (unless a relay server is needed because of NAT). Only the clients have the keys and nothing is stored on their servers. Transfers are really fast and I believe it is smart about differential syncing. Since it’s peer to peer, the only storage limit is the size of your hard drive. You can sync arbitrary folders too, not just the sync folder.
Of course we have to trust that they’re doing what they’re saying, but since getting caught doing funny business would be the end of their business, I have no reason to doubt their intentions. Open source would be preferred, but I’ll still take it.
The UI is not perfect, but gets the job done. Leo will be happy to know that it runs on Linux and Mac too. I have a Raspberry Pi with a big USB hard drive at my parents’ house for off-site backup. It uses a neat “Encrypted folder” feature where the remote data remains encrypted at rest (so my parents can’t see it). In return, I give them an encrypted folder on my machine so we both get off-site backup (without exposing our data to each other).
Anyway, sorry for the sales pitch, but I just don’t feel like it got a fair representation on the podcast. I’ll try Syncthing when I get a chance, but this is easier for now.
After looking to make my own cloud, I ended up on Resilio Sync as well. Though I don’t have near the security/privacy concerns as probably regular SN listers, I just wanted a way to move files between my always on Windows machine, 2 macs, and iOS devices. The only thing I didn’t like was how it shared files. I’ll continue to use Google/Dropbox/Box, since most other people still do, but I’m going to use the web interface only and no longer have 3 separate services running. I tried some of the other options, but none had a easy Windows option (usually requiring Docker or virtualization). That’s above my pay grade, though I did try.
Thanks for a great show. I’ve been looking at syncing an Drobo 5N2, Synology DS418play, MacBook Pro, and my Windows desktop.
Since the show, I’ve installed SyncThing. I was looking at Resilio Sync before the episode came out.