Got A LOT of conflicts today

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

Got A LOT of conflicts today

Geir Kilsti

Hi!

 

I use Owncloud on Windows 7, 64bit with 1.4.0 client.

I use this to sync my data folder on Windows to my own Centos Owncloud 6.3 server.

I sync ONLY from this laptop to the backup folder on the server.

After I installed 1.4.0 two days ago, I suddenly discovered notification messages from owncloud

on my laptop, in a very high speed,  A LOT of them.

 

After killing the owncloud process I discovered that several thousand of my files had been changed

to “<name>_conflict-date-time.<ext>”  

Even files not changed in a long time were renamed. This is one of the scary scenarios that has prevented me from using such a cloud service for a long time before I started with OwnCloud about half a year ago.

 

This file-renaming stopped all my programs using data from this area from working and was REALLY annoying.

Fortunately I’m a windows programmer and made a small program that renames all the files back to what they were before.

But now I don’t trust owncloud any more L

What I really need is to be able to specify a one-way sync for a specific folder, to use ONLY for backup.

This shouldn’t be so hard to make.

Can someone please think hard about this?

 

BR, Geir Kilsti, Norway.


_______________________________________________
Owncloud mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/owncloud
Reply | Threaded
Open this post in threaded view
|

Re: Got A LOT of conflicts today

Daniel Molkentin
<base href="x-msg://2571/">Hi Geir,

Am 12.09.2013 um 00:51 schrieb Geir Kilsti:

Hi!
 
After I installed 1.4.0 two days ago, I suddenly discovered notification messages from owncloud
on my laptop, in a very high speed,  A LOT of them.

What was the message?

 
After killing the owncloud process I discovered that several thousand of my files had been changed
to “<name>_conflict-date-time.<ext>”  
Even files not changed in a long time were renamed. This is one of the scary scenarios that has prevented me from using such a cloud service for a long time before I started with OwnCloud about half a year ago.
 

Were those conflicts identical to the original files? In 1.4.0 we have code that should prevent _exactly_ this type of error by doing a byte-by-byte comparison before creating a conflict. Something must have gone very wrong, and it would be good to find out why. You are the first person since quite a while to report mass-conflicts.

This file-renaming stopped all my programs using data from this area from working and was REALLY annoying.
Fortunately I’m a windows programmer and made a small program that renames all the files back to what they were before.
But now I don’t trust owncloud any more L

My apologies, but we need to find out what happened, because this specific behavior is, to the best of my knowledge, not common at all. Given that you have the deletion tool now, can you help us to reproduce the problem?

What I really need is to be able to specify a one-way sync for a specific folder, to use ONLY for backup.
This shouldn’t be so hard to make.
Can someone please think hard about this?

If you really want to use ownCloud as a backup storage (why not use a pure samba/nfs mount?), mount it via webdav and run a backup job, either with a backup tool or a custom script. This should work today. Modifying ownCloud Client to support another mode of operation (which it is, even if it technically seems to be just a subset) is not on the roadmap, given that there are existing applications that do the job today.

Cheers,
  Daniel

--
www.owncloud.com - Your Data, Your Cloud, Your Way!

ownCloud GmbH, GF: Markus Rex, Holger Dyroff
Schloßäckerstrasse 26a, 90443 Nürnberg, HRB 28050 (AG Nürnberg)


_______________________________________________
Owncloud mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/owncloud
Reply | Threaded
Open this post in threaded view
|

Re: Got A LOT of conflicts today

Roland Hager
On 12.09.2013 01:14, Daniel Molkentin wrote:
<base href="x-msg://2571/">[...]
 
After killing the owncloud process I discovered that several thousand of my files had been changed
to “<name>_conflict-date-time.<ext>”  
Even files not changed in a long time were renamed. This is one of the scary scenarios that has prevented me from using such a cloud service for a long time before I started with OwnCloud about half a year ago.
 
[...]

My apologies, but we need to find out what happened, because this specific behavior is, to the best of my knowledge, not common at all. Given that you have the deletion tool now, can you help us to reproduce the problem?



Hi Daniel,

We also have users with similar problems. One or two reported that there local files where deleted but still exists on the server. They needed to set up the sync folder from scratch to get all files back. One user reported that local files got deleted and all server logs looked like they never where uploaded, just deleted locally. Two users reported issues with "conflicted" files. One had thousands of them all over the sync folders (original files where deleted), one just had a problem with one file. All had in common a Windows operating system and using Version 1.2 or 1.3. Not all of them are experienced power users but I tried to reproduce the failure with some of them ... with no luck. In the end we set up a fresh sync folder and the error was gone. Since the sync client did not log anything before 1.4 without explicitly adding a parameter, we did not report that, because we had no idea about the reason and how to reproduce it.

So yes, it is not a common problem if one sync "crashes" out of 1000 but it scares the users that are concerned about data integrity.

I hope the new version 1.4 will do it better now.

best regards
Roland Hager
_______________________________________________
Owncloud mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/owncloud

smime.p7s (7K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Webdav Basic Authentication

Matthias
Dear Group,

I am not a webdav expert but I read on a microsoft website, that
microsoft disabled Basic Authentication for windows due to security
reasons of the Basic Authentication standard. I also read "The most
serious flaw in Basic authentication is that it results in the
essentially cleartext transmission of the user's password over the
physical network." on this website:
http://www.webdav.org/specs/rfc2617.html#rfc.section.4.1

If I get this right, it is not a good idea that owncloud only uses this
type of Authentication standard?

Matthias
_______________________________________________
Owncloud mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/owncloud
Reply | Threaded
Open this post in threaded view
|

Re: Webdav Basic Authentication

André Schild
> Dear Group,
>
> I am not a webdav expert but I read on a microsoft website, that microsoft
> disabled Basic Authentication for windows due to security reasons of the
> Basic Authentication standard. I also read "The most serious flaw in Basic
> authentication is that it results in the essentially cleartext transmission of the
> user's password over the physical network." on this website:
> http://www.webdav.org/specs/rfc2617.html#rfc.section.4.1
>
> If I get this right, it is not a good idea that owncloud only uses this type of
> Authentication standard?
[Andre Schild]

This is no problem as long as you use https,
then then password is safe.

If you don't use https, then anyway you security is compromised,
it does then not matter if your send the password in cleartext
or some other half-secure way

André
_______________________________________________
Owncloud mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/owncloud
Reply | Threaded
Open this post in threaded view
|

Re: Webdav Basic Authentication

Mark Ziegler
In reply to this post by Matthias
Am 12.09.2013 10:24, schrieb Matthias:

> Dear Group,
>
> I am not a webdav expert but I read on a microsoft website, that
> microsoft disabled Basic Authentication for windows due to security
> reasons of the Basic Authentication standard. I also read "The most
> serious flaw in Basic authentication is that it results in the
> essentially cleartext transmission of the user's password over the
> physical network." on this website:
> http://www.webdav.org/specs/rfc2617.html#rfc.section.4.1
>
> If I get this right, it is not a good idea that owncloud only uses
> this type of Authentication standard?
>
That's why we recommend SSL for your webserver.
_______________________________________________
Owncloud mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/owncloud
Reply | Threaded
Open this post in threaded view
|

Re: Webdav Basic Authentication

Matthias
You're right, I forgot this fact, thanks!

Matthias


======= Original message from =======
 > From: Mark Ziegler <[hidden email]>
 > To : [hidden email]
 > Sent: 12.09.2013 10:27:41



> Am 12.09.2013 10:24, schrieb Matthias:
>> Dear Group,
>>
>> I am not a webdav expert but I read on a microsoft website, that
>> microsoft disabled Basic Authentication for windows due to security
>> reasons of the Basic Authentication standard. I also read "The most
>> serious flaw in Basic authentication is that it results in the
>> essentially cleartext transmission of the user's password over the
>> physical network." on this website:
>> http://www.webdav.org/specs/rfc2617.html#rfc.section.4.1
>>
>> If I get this right, it is not a good idea that owncloud only uses
>> this type of Authentication standard?
>>
> That's why we recommend SSL for your webserver.
> _______________________________________________
> Owncloud mailing list
> [hidden email]
> https://mail.kde.org/mailman/listinfo/owncloud

_______________________________________________
Owncloud mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/owncloud
Reply | Threaded
Open this post in threaded view
|

Re: Webdav Basic Authentication

Daniel Molkentin
In reply to this post by Matthias
Dear Matthias,

Am 12.09.2013 um 10:24 schrieb Matthias:

Dear Group,

I am not a webdav expert but I read on a microsoft website, that microsoft disabled Basic Authentication for windows due to security reasons of the Basic Authentication standard. I also read "The most serious flaw in Basic authentication is that it results in the essentially cleartext transmission of the user's password over the physical network." on this website:
http://www.webdav.org/specs/rfc2617.html#rfc.section.4.1

If I get this right, it is not a good idea that owncloud only uses this type of Authentication standard?

If you are running ownCloud, you will most certainly want to run it SSL encrypted, at least outside your private LAN. Everything is encrypted, including passwords, so you are good.

Let's look at the alternatives:

- digest: requires to either save the password in clear text, or store it hashed in the exact format that digest expects. This does not work with a lot of auth backends that store the password hashed, but in their own format (like, hopefully, any).
- NTLM: suffers from compatibility problems
- Certificate based auth: too complicated for default usage, no (trivial) login from 3rd party computers
- Negotiate: Windows only in practise, often negotiates NTLM (see above), GSSAPI proposal for negotiate seems to be an expired IETF draft

Also: ownCloud holds (potentially private) data which should be just as well protected as your password.

So use HTTPS (even a self-signed cert is fine), then basic auth is not an issue).

That is not to say we are not looking into certs, oauth, etc (and we already have premilary support for shibboleth, which usually only works for edus) but there is no silver bullet. Try to find who (apart from SIP, which uses a slightly modified version of Digest) actually uses Digest auth today. Noone really. And it's not because they're all lazy slackers, but because there is actually no good standard that works with hashed passwords on the server side and does not wire the password plain text and works everywhere and is easy to use. Should I be missing something, please speak up. Also, if you feel like you want to contribute in this sector, we're more than happy for any help we can get.

Cheers,
 Daniel

--
www.owncloud.com - Your Data, Your Cloud, Your Way!

ownCloud GmbH, GF: Markus Rex, Holger Dyroff
Schloßäckerstrasse 26a, 90443 Nürnberg, HRB 28050 (AG Nürnberg)


_______________________________________________
Owncloud mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/owncloud
Reply | Threaded
Open this post in threaded view
|

Re: Webdav Basic Authentication

Matthias
Dear Daniel,

thank you for your answer. I forgot the fact that the network is already
encrypted by SSL. Let's say, the question was a little senseless ;)

Matthias




======= Original message from =======
 > From: Daniel Molkentin <[hidden email]>
 > To : [hidden email]
 > Sent: 12.09.2013 10:44:59


> Dear Matthias,
>
> Am 12.09.2013 um 10:24 schrieb Matthias:
>
>> Dear Group,
>>
>> I am not a webdav expert but I read on a microsoft website, that
>> microsoft disabled Basic Authentication for windows due to security
>> reasons of the Basic Authentication standard. I also read "The most
>> serious flaw in Basic authentication is that it results in the
>> essentially cleartext transmission of the user's password over the
>> physical network." on this website:
>> http://www.webdav.org/specs/rfc2617.html#rfc.section.4.1
>>
>> If I get this right, it is not a good idea that owncloud only uses
>> this type of Authentication standard?
>
> If you are running ownCloud, you will most certainly want to run it
> SSL encrypted, at least outside your private LAN. Everything is
> encrypted, including passwords, so you are good.
>
> Let's look at the alternatives:
>
> - digest: requires to either save the password in clear text, or store
> it hashed in the exact format that digest expects. This does not work
> with a lot of auth backends that store the password hashed, but in
> their own format (like, hopefully, any).
> - NTLM: suffers from compatibility problems
> - Certificate based auth: too complicated for default usage, no
> (trivial) login from 3rd party computers
> - Negotiate: Windows only in practise, often negotiates NTLM (see
> above), GSSAPI proposal for negotiate seems to be an expired IETF draft
>
> Also: ownCloud holds (potentially private) data which should be just
> as well protected as your password.
>
> So use HTTPS (even a self-signed cert is fine), then basic auth is not
> an issue).
>
> That is not to say we are not looking into certs, oauth, etc (and we
> already have premilary support for shibboleth, which usually only
> works for edus) but there is no silver bullet. Try to find who (apart
> from SIP, which uses a slightly modified version of Digest) actually
> uses Digest auth today. Noone really. And it's not because they're all
> lazy slackers, but because there is actually no good standard that
> works with hashed passwords on the server side and does not wire the
> password plain text and works everywhere and is easy to use. Should I
> be missing something, please speak up. Also, if you feel like you want
> to contribute in this sector, we're more than happy for any help we
> can get.
>
> Cheers,
>  Daniel
>
> --
> www.owncloud.com <http://www.owncloud.com> - Your Data, Your Cloud,
> Your Way!
>
> ownCloud GmbH, GF: Markus Rex, Holger Dyroff
> Schloßäckerstrasse 26a, 90443 Nürnberg, HRB 28050 (AG Nürnberg)
>
>
>
> _______________________________________________
> Owncloud mailing list
> [hidden email]
> https://mail.kde.org/mailman/listinfo/owncloud

_______________________________________________
Owncloud mailing list
[hidden email]
https://mail.kde.org/mailman/listinfo/owncloud