search

sboesen / remotely-sync

fork of remotely-save with security upgrades
Apache License 2.0
212 stars 8 forks source link

[Feature Request]: New sync algorithm #133

Open kadisonm opened 8 months ago

kadisonm commented 8 months ago

What feature are you suggesting?

Remotely Save recently got a new sync algorithm based off of Jwink3101/syncrclone.

I don't know enough to suggest a design but I think we should discuss the options including the one above.

I wouldn't mind trying to implement this but it should probably be more a collaborative thing since it's pretty big.

Trying to find patterns and figure out what we want out of it might be a good start.

What remote cloud services are you using, or suggesting adding the feature to?

No response

Ensure no sensitive information

kadisonm commented 8 months ago

I was looking at this a few weeks ago and I found this source here.

What I'd probably be looking for with a new algorithm is improving the readability and sync times. At the moment the current way it syncs is super hard to follow, and I think the harder it is the follow the easier it is for bugs to get looked over.

I also found Rsync but it's old and single threaded and might not relate well. There are some interesting concepts I don't understand there though.

fyears commented 8 months ago

My thoughts:

I sincerely invite you directly contribute to Remotely Save, instead of maintaining an outdated fork now.

Retrospectively, Remotely {Secure,Sync} was developed because of the pause of development of Remotely Save, and the seek for better encryption. Both issues do not exist now.

  1. Remotely Save is actively maintained and updated.
  2. Remotely Save has better sync algorithm as of 0.4.10, as you said in this issue. It really took a few weeks of my work on researching, comparing, coding, testing, writing docs. Syncing is a hard problem by nature.
  3. Remotely Save currently provides even better encryption method XSalsa20Poly1305 now as of 0.4.10. BTW, I really think the "vulnerability" or "improvement" comments were unfair.
  4. PRs to Remotely Save are reviewed and may be merged now.
  5. Remotely Save has fixed lots of bugs, including the bugs in old / new sync algorithm.
  6. Remotely Save has added Lots of features.

I am confident to say that Remotely Save has better sync algorithm, more advanced encryption method, the same or more useful feature sets, the same development activity now.

Please consider contribute back to the upstream. You are welcome.

kadisonm commented 8 months ago

I sincerely invite you directly contribute to Remotely Save, instead of maintaining an outdated fork now.

I'll have a look at Remotely Save and see what I could do. But I don't think there would be much I could contribute to in my opinion. I honestly might focus on my own personal projects for a while or even experiment with my own sync plugin from scratch since I want to learn more about it.

It depends on what @sboesen is going to do with this plugin as well. If he wants to make a new sync algorithm or not.

sboesen commented 7 months ago

Thanks for the comment @fyears but I think you made a similar one previously and I'm not sure the situation has materially changed. Definitely agreed the encryption was not as weak as I thought before (didn't have a chance to test determinism, was based on code review and missed the parameter was only used for testing), corrected pretty much everywhere I've said this.

One comment I have is is AES has more eyes, which is (in the cryptography community) generally considered "more secure" - I would hesitate to call a newer less used - AES-GCM is considered industry standard.

What I'd probably be looking for with a new algorithm is improving the readability and sync times. At the moment the current way it syncs is super hard to follow, and I think the harder it is the follow the easier it is for bugs to get looked over.

@kadisonm 100% agreed. The sync algorithm is worth refactoring before further additions (like adding hashing, remote mtime, etc). Definitely interested in improving this in general but also short on time lately sadly :(

kadisonm commented 7 months ago

Definitely interested in improving this in general but also short on time lately sadly :(

That's alright don't stress. I've also been busy.

I've been thinking and here's my stance on things:

Remotely Save is a lot faster now, so for my personal vault I've switched over to it. Since it's something I use, I'll try to help improve it where I can.

As for Remotely Sync, I want to still contribute and maintain it until it becomes its own plugin. When the time comes I'll help develop a new sync alogrithm for it :)

I'll probably work on my own projects more plus school has also been busy so contributions might not be frequent.

sboesen commented 7 months ago

That makes sense, glad to hear sync is faster! Could be worth opening some PRs to merge your contributions here upstream if that makes sense to you.

School is definitely the priority 😅