Setting up basic synchronization



  • (Ignoring the entire thread)

    Would something like GlusterFS be overkill?

    In fact, since you have a server, why not a NFS share or equivalent?



  • @Mikael_Svahnberg said:

    (Ignoring the entire threadtopic)

    Would something like GlusterFS be overkill?

    In fact, since you have a server, why not a NFS share or equivalent?

    Our current client application implementations are all browser plugins, and I'm not aware of any way to read a NFS share from javascript.

    Note: if you read the rest of the threadtopic, you'll find I've been wrong before.


    Filed Under: Discourse!



  • @rad131304 said:

    I'm not aware of any way to read a NFS share from javascript.

    No, but your server code should be able to.

    And, I'm wrong?



  • @xaade said:

    @rad131304 said:
    I'm not aware of any way to read a NFS share from javascript.

    No, but your server code should be able to.

    And, I'm wrong?

    FileReader is supported, but then I'd have to get the user to set up a NFS share connection .... And then I'd be managing a whole new interface just to access files. I think going through the existing web API is simpler. Not an invalid approach, though.

    Plus I'd have to push the auth token to access an individual user's files to the OS for use - I don't see how that's a particularly viable approach in this case considering we'd like to prevent access to another user's encrypted information.



  • @rad131304 said:

    considering we'd like to prevent access to another user's encrypted information.

    You could do that with the javascript, but that's like negative security points.

    We're getting into non-viable solutions here because we're looking for more solutions past the obvious proven ones.



  • Agreed - I'm all the way down to doing storage + notifications.

    An update comes to the server with the ID and SHA hash of the block it wants to overwrite; if both are valid, then the overwrite occurs and the server pushes a notification to the rest of the clients, who update accordingly. If the SHA hash is invalid, the client uses the server data to update and then moves forward with its change, if necessary.
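
The hash-guarded overwrite described in the post above, as an added example that is not part of the original thread. `BlockStore`, `applyUpdate` and the notify callback are hypothetical names, SHA-256 is assumed for "SHA hash", and the ciphertext strings are constructed sample data.

```javascript
// Added example, not from the thread. BlockStore and applyUpdate are hypothetical names.
const { createHash } = require('node:crypto');

const sha256 = (buf) => createHash('sha256').update(buf).digest('hex');

class BlockStore {
  constructor(notify) {
    this.blocks = new Map(); // block ID -> ciphertext (opaque to the server)
    this.notify = notify;    // notify(id, originClientId) after each accepted write
  }

  seed(id, ciphertext) {
    this.blocks.set(id, Buffer.from(ciphertext));
    return sha256(this.blocks.get(id));
  }

  // expectedHash: SHA-256 of the block the client believes it is overwriting.
  // The compare and the write must be one atomic step; a single-threaded
  // in-memory Map gives that here, a real store needs a transaction.
  applyUpdate(clientId, id, expectedHash, newCiphertext) {
    const current = this.blocks.get(id);
    if (current === undefined) return { status: 'unknown-id' };
    if (sha256(current) !== expectedHash) {
      // Stale client: hand back the server copy so it can update, then retry.
      return { status: 'stale', serverData: current };
    }
    const next = Buffer.from(newCiphertext);
    this.blocks.set(id, next);
    this.notify(id, clientId);
    return { status: 'ok', hash: sha256(next) };
  }
}

// Constructed scenario: clients A and B both hold version 1 of block "b1".
function hashDemo() {
  const pushed = [];
  const store = new BlockStore((id, origin) => pushed.push(`${id} from ${origin}`));
  const h1 = store.seed('b1', 'ciphertext-v1');
  const a = store.applyUpdate('A', 'b1', h1, 'ciphertext-v2-from-A');
  const b = store.applyUpdate('B', 'b1', h1, 'ciphertext-v2-from-B'); // stale hash
  const retry = store.applyUpdate('B', 'b1', sha256(b.serverData), 'ciphertext-v3-from-B');
  return { a, b, retry, pushed };
}
```

The hash is taken over the stored ciphertext, so the server can enforce the precondition without being able to read the block.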



  • If you want the server to detect conflicts without being able to read the content, then add "Update Sequence Number" metadata to the records. Each record gets a vector of USNs, one for each device that has ever made a change to that data. When a device makes a change, it either adds or modifies its USN record with a device-specific sequential number. When the server gets an update, only one USN record is allowed to be different from the server's data state. If more than one are different, then you have a conflict.

    The server can't resolve conflicts, because the server can't read the data, but the server could use the metadata to tell the client which device they conflicted with.
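
The USN-vector check described in the post above, as an added example that is not part of the original thread. `checkUpdate` and `RecordStore` are hypothetical names and the device IDs and ciphertexts are constructed; two details are assumptions beyond the post and are marked in the comments: the one differing entry must belong to the submitting device, and its number must increase.

```javascript
// Added example, not from the thread. checkUpdate and RecordStore are hypothetical names.
// A USN vector is a plain object: { deviceId: lastSequenceNumber }.
function checkUpdate(serverUsn, incomingUsn, deviceId) {
  const devices = new Set([...Object.keys(serverUsn), ...Object.keys(incomingUsn)]);
  const differing = [...devices].filter(
    (d) => (serverUsn[d] ?? 0) !== (incomingUsn[d] ?? 0));
  // Assumption beyond the post: the single allowed difference must be the
  // sender's own entry. Any other differing entry is a change the sender
  // had not seen, so those devices are reported back as the conflict.
  const others = differing.filter((d) => d !== deviceId).sort();
  if (others.length > 0) return { accepted: false, conflictsWith: others };
  // Assumption beyond the post: the sender's own USN must move forward,
  // which also rejects replayed and no-op submissions.
  if ((incomingUsn[deviceId] ?? 0) <= (serverUsn[deviceId] ?? 0)) {
    return { accepted: false, conflictsWith: [] };
  }
  return { accepted: true, conflictsWith: [] };
}

class RecordStore {
  constructor() { this.records = new Map(); } // id -> { usn, ciphertext }
  submit(id, deviceId, usn, ciphertext) {
    const current = this.records.get(id) ?? { usn: {}, ciphertext: null };
    const verdict = checkUpdate(current.usn, usn, deviceId);
    if (verdict.accepted) this.records.set(id, { usn: { ...usn }, ciphertext });
    return verdict;
  }
}

// Constructed scenario: laptop and phone edit the same encrypted record.
function usnDemo() {
  const store = new RecordStore();
  return {
    create: store.submit('r1', 'laptop', { laptop: 1 }, 'ct-1'),
    phone: store.submit('r1', 'phone', { laptop: 1, phone: 1 }, 'ct-2'),
    // Laptop edits without having seen the phone's change.
    stale: store.submit('r1', 'laptop', { laptop: 2 }, 'ct-3'),
    // Laptop fetches, merges client-side, resubmits on top of the phone's USN.
    merged: store.submit('r1', 'laptop', { laptop: 2, phone: 1 }, 'ct-4'),
    replay: store.submit('r1', 'laptop', { laptop: 2, phone: 1 }, 'ct-4'),
  };
}
```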



  • @blakeyrat said:

    Yes yes yes, but the point is: thousands of companies are successfully doing it, so difficulty-aside, it's definitely possible.

    Actually, some of them are being sued. Compromising a database is sometimes done through the tactic of assault-by-lawyer.

    Depending on jurisdictions, it may be legally unwise to trust the server.
    If it is physically impossible for you to decrypt any user's data, then you cannot be legally obliged to do it.

    However, if it is technically possible, then a lawsuit in Country A could force you to do so in a manner which causes you to breach data protection or privacy laws in Country B.

    For example, Microsoft are currently defending a lawsuit that might force them to break EU privacy laws and hand over EU users' data to US investigators, because said US investigators can't or won't go through the proper legal channels to gain access to data held in EU servers.

    One simpler solution is not to be American and not to do business with any Americans, however this isn't always possible, and isn't necessarily future proof.



  • @lightsoff said:

    However, if it is technically possible, then a lawsuit in Country A could force you to do so in a manner which causes you to breach data protection or privacy laws in Country B.

    Yeah -- at that point, you go tell the court in Country A "sorry, no can do, we'd break statute X in Country B if we tried"...

    @lightsoff said:

    For example, Microsoft are currently defending a lawsuit that might force them to break EU privacy laws and hand over EU users' data to US investigators, because said US investigators can't or won't go through the proper legal channels to gain access to data held in EU servers.

    Gotta love the spawn of J. Edgar Hoover...

    @lightsoff said:

    One simpler solution is not to be American and not to do business with any Americans, however this isn't always possible, and isn't necessarily future proof.

    If nothing else, because the shoe can find itself on the other foot at times. Imagine getting a case thrown at you in a UK court where revealing the defendant's identity would be in violation of US law...

    Filed under: who said multinationals have it easy?

