BoostIO / BoostNote-Legacy

This repository is outdated and new Boost Note app is available! We've launched a new Boost Note app which supports real-time collaborative writing. https://github.com/BoostIO/BoostNote-App

Boostnote overwrites remotely updated notes with old version #1519

Open Redsandro opened 6 years ago

Redsandro commented 6 years ago

Problem:

You can lose all previous updates to a note when sharing notes:

Workaround:

Solution:

Boostnote should check if note files are updated to a time newer than when they were last loaded, and if so, load the updated note.

ghost commented 6 years ago

I don't think this is much of a bug. If Boostnote was constantly reindexing and rereading the files, the processor would implode if you have more than just a few notes.

Redsandro commented 6 years ago

@ItsPugle where is your developer spirit? :nerd_face:

Perhaps it's not technically a bug, but it most definitely is an "issue".

If using Dropbox as a note share is being documented and promoted from within the app, it is deceitful and extremely dangerous to leave it vulnerable to accidentally removing an entire day's worth of writing.

Of course there are options, but it begins with admitting that this is dangerous and undesirable.

The best option, made specifically for cases like this, and the one that e.g. Dropbox itself uses, is inotify on Linux. I believe that winfsnotify is the Windows counterpart, and kevent is for OSX. There is a multiplatform library called fsnotify. And multiplatform node modules that could possibly be used with Boostnote are:

A lesser solution, one that e.g. Tomboy Notes uses, is to sync the files every 10 minutes.

ghost commented 6 years ago

Not going to lie. My developer spirit is on a train half way across Australia 🤣

I wonder if a broader discussion around cloud storage x Boostnote needs to be had. I'd love to see a more dedicated and centralised cloud storage system for Boostnote that doesn't require third-party software... Maybe @kazup01 would be able to look into stuff like partnering with organisations to help cover the cost of cloud storage?

JamesChevalier commented 6 years ago

I really enjoy the fact that multiple Storage Locations can be added, existing anywhere I choose (e.g. in a Dropbox/Drive folder). This setup allows me to easily share Storage Locations with myself across multiple machines, and (if this issue is resolved) it would also allow me to share Storage Locations with my team.

I'm wary of a "more dedicated and centralised cloud storage system for Boostnote that doesn't require third-party software", from the perspective of losing flexibility. Using Bear as a reference to explain this - it only provides iCloud synchronization, which makes it impossible for me to synchronize both personal & work notes across machines or share notes with other people.

Redsandro commented 6 years ago

In this specific case I tend to agree with @JamesChevalier, although this subject matter is outside the scope of this issue. Please continue here: https://github.com/BoostIO/Boostnote/issues/126

tito commented 6 years ago

I hit this bug 2 weeks ago when I first discovered and tested it. I'm using Boostnote on Arch and OSX. Boostnote is opened on both computers, but if I already have a note opened on both, to refresh it, I need to close and restart.

IMO,

Not knowing that the note you're actually viewing / saving got updated before because your Boostnote instance was still running is a big deal :)

And no, there is no need to constantly check for it, a notifier and a basic check can be really useful to prevent losing data and make Boostnote usage really powerful across devices :)

(by the way, congrats on the project, loving it. =)

Rokt33r commented 6 years ago

@tito You're right. We need both of them. I'll tackle this too. But, don't hesitate to try. I assume my work should be very experimental. So it will have to undergo a lot of trial and error.

FYI, I'm going to use pouchDB for the renewed app, which might become Boostnote Lite(?). So I can only focus on UI/UX to resolve conflicts.

flakpaket commented 6 years ago

Be careful with how you address this. If you combine this feature with issue #1443, you could create a pretty nasty combo that would allow any user or application with permission to write to the files to execute arbitrary commands on any computer with the notebook open or that opens the notebook. I'd fix #1443 before addressing this. This is a similar issue to that of Office document macros.

My first thought would be to have localized settings for Boostnote that grant permissions for individual pages to execute scripts. That way the notebook files will sync, but the setting required for execution would be unique per installation. Unfortunately, it would still require a user-based trust model.
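
A sketch of the per-installation permission idea from the comment above, as an added example that is not Boostnote code and not part of the original comment. The class and method names are hypothetical, and binding each grant to a hash of the note content is an assumption that goes beyond what the comment proposes.

```javascript
// Added example, not Boostnote code; all names here are hypothetical.
const fs = require('fs')
const os = require('os')
const path = require('path')
const crypto = require('crypto')
const sha256 = (text) => crypto.createHash('sha256').update(text).digest('hex')

class LocalTrustStore {
  // The store must live outside the synced folder, otherwise whoever can
  // write the notes could also write the grants.
  constructor (storePath, syncedDir) {
    const rel = path.relative(path.resolve(syncedDir), path.resolve(storePath))
    const outside = rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel)
    if (!outside) throw new Error('trust store must not be inside the synced storage')
    this.storePath = storePath
    const saved = fs.existsSync(storePath) ? JSON.parse(fs.readFileSync(storePath, 'utf8')) : {}
    this.grants = new Map(Object.entries(saved))
  }

  // Called only from an explicit user action on this installation.
  grant (noteKey, content) {
    this.grants.set(noteKey, sha256(content))
    const json = JSON.stringify(Object.fromEntries(this.grants))
    fs.writeFileSync(this.storePath, json, { mode: 0o600 })
  }

  // Assumption: the grant is bound to the content hash, so a note that was
  // rewritten through the sync folder loses its permission until re-approved.
  mayRunScripts (noteKey, content) {
    return this.grants.get(noteKey) === sha256(content)
  }
}

// Constructed scenario: two installations share one synced notes folder.
function demo () {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), 'trust-'))
  const synced = path.join(base, 'Dropbox', 'notes')
  fs.mkdirSync(synced, { recursive: true })
  const pcA = new LocalTrustStore(path.join(base, 'pcA-trust.json'), synced)
  const pcB = new LocalTrustStore(path.join(base, 'pcB-trust.json'), synced)
  const original = 'constructed note body v1'
  pcA.grant('note-1', original)
  let insideRejected = false
  try { new LocalTrustStore(path.join(synced, 'trust.json'), synced) } catch (e) { insideRejected = true }
  return { trustedOnA: pcA.mayRunScripts('note-1', original),
    afterRemoteEdit: pcA.mayRunScripts('note-1', original + ' (changed via sync)'),
    trustedOnB: pcB.mayRunScripts('note-1', original),
    insideRejected }
}
```

As the comment says, this still rests on the user deciding what to trust; the store only ensures that the decision cannot arrive through the synced files.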

Redsandro commented 6 years ago

Agreed. Someone who hacked your dropbox can change your most frequently used/changed Boostnote notes, sit back, and wait for the user to open that note. Someone who has access to one computer can take over all your computers. Potentially. I'd say #1443 should be addressed before anything else.

"The attack surface seems to be small" is one of the worst thoughts one can have when dealing with vectors.

Redsandro commented 6 years ago

@flakpaket I've created a PR to address the security concern: https://github.com/BoostIO/Boostnote/pull/1634

Ralle commented 5 years ago

I never shut down Boostnote nor my computers so when I switch to using a different one I have to manually refresh my notes with CMD+R. I use Mac and Windows. It feels so weird to me that Boostnote doesn't watch the filesystem. At least it doesn't on any of my computers. So I have to remember to do this. It seems like a big missing feature.

Keep in mind. If I forget to CMD+R it will replace what I wrote on another computer.

themightychris commented 5 years ago

Boostnote should use a bare git repository for its storage backend. Would sync fine over dropbox at this scale, opens up tons of other sync backends, never loses anything. You could always open it in a git client and find anything that went missing.

Even with file monitors thrown in the mix, external syncing with no internal consistency is always going to be a wildcard.

You can script all the operations you need via the git CLI, I maintain a node package for it. That approach is nice because it's easier to audit commands and co-develop along CLI, but it would require users to have a git command on their system. A more portable approach would be to use a package that binds to native libgit2. On every save you compute a new commit, and when you go to update the master pointer you can easily ensure moving to the new commit is a fast-forward. Most conflicts could be merged automatically by git, and in cases where automatic merging fails you can just replicate the current behavior of overwriting with the current save, but also back up the other path to a branch.

Ralle commented 5 years ago

Ever seen what they do in Keepass? Every time it is about to save, it checks whether the underlying file is changed. If it is, it will offer to merge.

themightychris commented 5 years ago

Doing the if-newer check would be a quick improvement over the current behavior, and stop some easily prevented loss. But Boostnote will never know what Dropbox is about to do, or has done, with file versions and modification times.

AWolf81 commented 5 years ago

I've started working on this. I'm using nsfw - basic file watching is added in my branch feature-auto-refresh-ext-change but I'm not sure where I should add the updating/warning logic.

I'm using the eventEmitter to emit the changes - so I need to check the best location to add the logic. Not sure, maybe Notelist component is the right location.

I'm not getting the file date from nsfw at the moment - I could load the data with Node Api from updated CSON file to get updatedAt date once a change was detected and compare it against the last modification date from Boostnote state.
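
The check-before-save idea raised in the comments above (compare what is on disk with what was loaded, and do not overwrite on a mismatch), as an added example that is not Boostnote code and not part of any comment. The function names are hypothetical, and it compares a content hash instead of `updatedAt` or the modification time, which is an assumption made because a sync client controls those timestamps.

```javascript
// Added example, not Boostnote code; loadNote/saveNote are hypothetical names.
const fs = require('fs')
const os = require('os')
const path = require('path')
const crypto = require('crypto')

const sha256 = (text) => crypto.createHash('sha256').update(text).digest('hex')

// Read a note and remember the hash of exactly what was loaded.
function loadNote (file) {
  const content = fs.readFileSync(file, 'utf8')
  return { file, loadedHash: sha256(content) }
}

// Overwrite only if the file on disk is still the version that was loaded;
// otherwise leave the newer version alone and keep our text in a conflict copy.
function saveNote (note, newContent) {
  let onDisk = null
  try {
    onDisk = fs.readFileSync(note.file, 'utf8')
  } catch (e) {
    if (e.code !== 'ENOENT') throw e // a remote delete also counts as a change
  }
  if (onDisk === null || sha256(onDisk) !== note.loadedHash) {
    const conflict = `${note.file}.conflict-${Date.now()}`
    fs.writeFileSync(conflict, newContent, { flag: 'wx' })
    return { saved: false, conflict }
  }
  // Temp file + rename, so the sync client never uploads a half-written note.
  const tmp = `${note.file}.tmp-${process.pid}`
  fs.writeFileSync(tmp, newContent)
  fs.renameSync(tmp, note.file)
  note.loadedHash = sha256(newContent)
  return { saved: true, conflict: null }
}

// Constructed scenario: machine A has the note open while B's edit syncs in.
function demo () {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'note-sync-'))
  const file = path.join(dir, 'note.cson')
  fs.writeFileSync(file, 'v1')
  const a = loadNote(file)
  fs.writeFileSync(file, 'v2 from machine B')
  const stale = saveNote(a, 'v1 plus edit from A')
  const fresh = saveNote(loadNote(file), 'v3')
  return { stale, fresh, onDisk: fs.readFileSync(file, 'utf8') }
}
```

A window remains between the check and the rename, so this narrows the overwrite case without closing it; a file that arrives from the sync client inside that window is still replaced.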

Flexo013 commented 4 years ago

Related to #3277

arcturus140 commented 4 years ago

Since restarting Boostnote is expensive, there's a faster way for the workaround: view / reload