Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Couchdrop – Secure cloud upload server (couchdrop.io)
54 points by mshindo on July 17, 2016 | hide | past | favorite | 28 comments


Not bad, trying it out for some use cases it could fit quite well. Cheers!

Good:

* Temporary credentials, that can be added e.g. per machine basis (very useful!)

* Very simple Dropbox integration

Bad:

* No way to upload to a subdirectory (but in dropbox root), it should be really like other Dropbox apps, that goes to a separate Apps/ dir.

* No way to separate uploads into directories either, eg. `scp filename user@host:somewhere/` will actually create a "somewhere" file, instead of "filename". `scp filename user@host:somewhere/filename` will upload nothing.

Ugly:

* I'm logged in as "Signed in as michael.lawson", not sure what is going on, account info leaking across accounts, or it's just a placeholder text set up left over from somewhere?

* Using `ssh-dss` server host key, have to explicitly enable in my ssh settings with HostKeyAlgorithms (see http://www.openssh.com/legacy.html)

* Password authentication with SSH, so either run it interactively, or use `sshpass` to do upload in a script non-interactively.


michael.lawson looks like someone who forgot you clean up code and who wrote the program (footnote of page): https://news.ycombinator.com/item?id=12109739


Oh man, he's going to be internet-famous in a few days if that doesn't get fixed. Next time he applies for a software job, the technical interviewer will be like "Micheal Lawson? The Micheal Lawson?! <insert new meme>"


Nous sommes tous Micheal Lawson


His name is Michael Lawson.


The first 'default' tentative failed:

  $ scp g13578.png <user>@ssh.couchdrop.io:
  Unable to negotiate with 54.66.180.100 port 22: no matching host key type found. 
  Their offer: ssh-dss
The second works with a small fix:

  $ scp -oHostKeyAlgorithms=+ssh-dss g13578.png <user>@ssh.couchdrop.io:
  Password authentication
  Password: xxx
but I don't understand why I'm logged as michael.lawson!?!


I'm not sure why that is, but michael.lawson is the author of the tool.


How again do I increase security by adding a middleman server to the process that I don't even know? How do I know what happens to my files exactly? How do I know I can trust you guys with my files?


Sourcecode has just been released to github. https://github.com/bluewhale/couchdrop


Website not usable on iOS. For any company or organisation, never mind a technology focused operation, this really should not be the case.


Curious why you don't direct that at the company responsible for iOS?


Doesn't work well in Chrome for Android either. I'm missing part of what's on the left side and somehow can't scroll there.


Seriously? Was it Netscape's fault when someone built a site that only worked in IE?


When you use an OS that is well known for rendering html/css issues I can't see why you would be surprised and not direct that to Apple.


Why not both? I assume some rendering issues can occur, but I expect competent developers to deliver some degree of usability across mainstream browsers.


Apple don't exactly have a strong mechanism for feedback. And the rules of the game are out there already. So players have to fit the rule book. That's why people building web pages test on multi devices.


Clever idea. I'd be a bit hesitant to hand account credentials over to a service like this, but there are people who are more comfortable with that than I. One nitpick about the landing page, though:

> This means you can upload your files direct to your desktop from devices that do not support Dropbox or Amazon AWS storage and its secure.

Services like this really ought to have proper spelling and grammar on the landing page. This is a run-on sentence. It also uses "its" where "it's" should be used. It doesn't matter to me (I have no use for something like this), but it's likely going to put some people off.

I'd suggest just changing it to "securely upload", and get rid of the end of the line entirely.


is this actually working already? signed up, logged in and it says signed in as michael.lawson on the upper right.


Same, I cant add any DB account.

Is it possible to mount and list files using fuse or sshfs ? or is it just write only ?


Good idea, I need it. but michael.lawson on top ???? Many security issues involve. Better make it open source.


This looks like a really good idea! The only thing is that I’d rather not give it full Dropbox access.


You can attach a Dropbox or a Google Drive folder to your server and then access them via SCP?


It looks like it only works with AWS and Dropbox. For Google Drive you'll need another encryption tool like Syncdocs http://syncdocs.com


sorry but when should I use this?


Wouldn't a completely stateless read/only server be a lot more secure?


anyone know what the privacy policy on this? i am guessing they(clouchdrop) can read/write your dropbox/s3?


I don't know. I was not blown away. I don't know why it is 'robotic' all it is doing is sliding one way or another. You could make something out of MDF on wheels and move it by hand easily. Much less effort and complexity.


Wrong thread?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: