The Living Thing / Notebooks :

Synchronising files

bonus: backing up your computer


Pure network drives just aren’t as awesome as working locally, and synchronising changes globally. Realising this is why the Dropbox founders are now rich. Well done them. Dependence on single remote servers for every trifling step is stupid.

Peer to peer is more robust. (Taking it still further, how about everything be sneakernets?)

Anyway, file synchronising is handy, and tricky to do, so the solutions which do it easiest are also usually suboptimal. e.g. I have been using Dropbox, but their technical and legal shortcomings are awful.

Some alternatives follow.


Syncthing has an elegant decentralised sneakernet design. It is reminiscent of git-annex but doesn’t have a combinatorial explosion of options, just one single sync protocol. It is actually very simple and quite friendly to use.

Granularity is per-folder. Like git-annex, it doesn’t support iOS. In contrast to git-annex, it doesn’t support archiving stuff to USB keys or semi-offline stores. It’s NEARLY user-friendly.

Stated design criteria:

  • Private. None of your data is ever stored anywhere else than on your computers. There is no central server that might be compromised, legally or illegally.
  • Encrypted. All communication is secured using TLS. The encryption used includes perfect forward secrecy to prevent any eavesdropper from ever gaining access to your data.
  • Authenticated. Every node is identified by a strong cryptographic certificate. Only nodes you have explicitly allowed can connect to your cluster.

You probably want the following files ignored in your .stignore file.

// From Windows
System Volume Information

// From OS X

// From Linux

There is a CLI syncthing manager for your remote cloud instances, the snazzily named syncthingmanager.

Syncthing also has file versioning and such, but cryptographic signing of versions and guaranteeing consistent snapshots and so on is not a front-and-centre feature.


Dat is similar to syncthing, with a different emphasis - sharing data to strangers rather than friends, with a special focus on datasets. You could also use it for backups or other sharing. See scientific data sharing.

NB it’s one-writer-many-readers, much like bittorrent, so don’t get excited about multiple data sources. For this price, though, you get data versioning and robust verifiability.

Some hacks exist for partial downloading. Otherwise, you can use Dat’s base layer, hyperdrive, directly from node.js. (However, no-one uses node.js for science at the moment, so this is not likely to be something worth your while.)


Retroshare is not wholly focused on implicit file syncing, but does some of that and a lot more other social stuff.

Features Chat, Voice and Video, offline mail, file sharing, distributed search, forums and compatibility with TOR, and sneakernet everything.


Mega: Easy to run. Public source, but not open source. (Long story.) Host-blind encryption business from New Zealand.

Anyway it’s relatively easy to use because it works in the browser, so it won’t terrify your non-geek friends. Ok, maybe a little. Much cheaper than dropbox. The UI is occasionally freaky but it’s reasonably functional, especially for its bargain-basement price. An OK tradeoff of respectability, privacy and affordability.


Rclone is a command line program to sync files and directories to and from Google Drive, Amazon S3, Memset Memstore, Dropbox etc.


  • MD5/SHA1 hashes checked at all times for file integrity
  • Timestamps preserved on files
  • Partial syncs supported on a whole file basis
  • Copy mode to just copy new/changed files
  • Sync (one way) mode to make a directory identical
  • Check mode to check for file hash equality
  • Can sync to and from network, eg two different cloud accounts
  • Optional encryption (Crypt)
  • Optional FUSE mount (rclone mount)

Dropbox for the skeptical

If you must use Dropbox, you can at least run it in a container, using docker so they can’t spy on your stuff. Probably. At least not on the stuff you haven’t explicitly put in Dropbox, which is presumably already enough stuff to keep them busy so you shouldn’t feel sorry for them. This is not a painful thing to organise, taking about one hour including learning what the hell docker is from scratch. But it is flamboyantly nerdy, and still encourages unsafe Dropbox-trusting amongst your friends. At the end of it, you have made the tool so inconvenient that you may as well have been using Owncloud.

Let’s say you have the default UID, GID and Dropbox location on OSX. Then you do this.

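# fetch the image
docker pull janeczku/dropbox
# run it detached, exposing only ~/Dropbox to the container
docker run -d --restart=always --name=dropbox \
  -v ~/Dropbox:/dbox/Dropbox \
  -e DBOX_UID=501 \
  -e DBOX_GID=20 \
  --net="host" \
  janeczku/dropbox
# show the container's output
docker logs dropbox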

You might need to reboot intermittently so that Dropbox can run its self-update.

Keybase, not quite a file sync

An in-principle secure alternative is keybase, although it’s not quite syncing, it’s a kind of syncing-rebooted-thing, which facilitates secure-ish peer sharing something something.


Owncloud is dubiously secure; they have security advisories all the time. But even without that silliness, they don’t store files encrypted, so your server host can see what you are doing. Lawks! That’s only one step better than Dropbox!

OTOH, it’s easy to run on your own server, e.g. using docker, so it’s useful for sharing something public such as open research etc for only the cost of hosting, which is low. Additionally, Australian academics get a free 100Gb from AARNET, so we may as well.

However, there are various quirks to survive.

For one, command-line usage is not obvious.

First, you can access it as a WebDAV share, which is unwieldy but probably works. However it’s also probably slow. We really want sync here.

The actual owncloud CLI documentation is hidden deeply. Tony Maro gives a walk-through. It’s heavily version dependent. Beware.


git-annex supports explicit and customisable folder-tree synchronisation, merging and sneakernets and as such I am well disposed toward it. You can choose to have things in various stores, and to copy files to and from servers or disks as they become available. It doesn’t support iOS. Windows support is experimental. Granularity is per-file. It has a weird symlink-based file access protocol which might be inconvenient for many uses. (I’m imagining this is trouble for Microsoft Word or whatever.)

Also, do you want to invoke various disk-online-disk-offline-how-sync-when options from the command line, or do you want stuff to magically replicate itself across some machines?

The documentation is very nerdy and not very clear, but I think my needs are nerdy and unclear by modern standards. However, the combinatorial explosion of options and excessive hands-on-ness is a serious problem.

ad hoc

  • rsync is what I always end up using.
  • aws sync.

Bonus trick

Convert your woefully insecure sync service into a somewhat less woeful one using the open source Cryptomator, which encrypts all the data you send to the service rather than letting them see it, creating easy encrypted drives.

The drawbacks that immediately occur to me are

  1. this does not help with sharing files with peers, who still need to decrypt stuff somehow (although that’s a problem with any encrypted service)
  2. you still have to run their sync software on your computer, which means trusting their client code if not their server code.
  3. files are encrypted individually, so you are still leaking a lot of information about what kind of files they are through their size and usage patterns.

NB you could do this anyway by manually encrypting everything, but would you? No, because it’s slow and tedious. You need a nice GUI like this.


Online backup

Listing encrypted backups only, because I am not crazy.

Also, I’m only listing open-source options or ones not in a jurisdiction with especially poor privacy, such as China, Russia, the UK or the USA.


Windows, OSX, Linux:

Duplicati works with standard protocols like FTP, SSH, WebDAV as well as popular services like Microsoft OneDrive, Amazon Cloud Drive / S3, Google Drive, Mega, hubiC and many others.


  • Backup files and folders with strong AES-256 encryption. Save space with incremental backups and data deduplication.
  • Run backups on any machine through the web-based interface or via command line interface.
  • Duplicati has a built-in scheduler and auto-updater.

Full list of backends.


OSX, linux, more bare-bones:

Duplicity backs directories by producing encrypted tar-format volumes and uploading them to a remote or local file server. Because duplicity uses librsync, the incremental archives are space efficient and only record the parts of files that have changed since the last backup. Because duplicity uses GnuPG to encrypt and/or sign these archives, they will be safe from spying and/or modification by the server.


Linux, OSX, tarsnap comes with a server for $0.25/gb/month:

Tarsnap is a secure, efficient online backup service:

  • your data can only be accessed with your personal keys. We can’t access your data even if we wanted to!
  • Source code: the client code is available. You don’t need to trust us; you can check the encryption yourself!
  • only the unique data between your current files and encrypted archives is uploaded. This reduces the bandwidth and storage required, saving you money!

Tarsnap runs on UNIX-like operating systems (BSD, Linux, MacOS X, Cygwin, etc)

Others I’ve seen about the place

zbackup, borgbackup, attic, obnam, arq.

syncing dotfiles

You might try mackup to sync settings for linux and osx machines alike to some folder somewhere. It’s a database of which actual settings of various apps are actually syncable. On second thoughts, this is a fragile approach. And it freaks out if you have non-ascii characters in your filenames. Do something different.

Revised recommendation:

Use a bare git repo:

git init --bare $HOME/.dotfiles
alias dotfiles='git --git-dir=$HOME/.dotfiles/ --work-tree=$HOME'
dotfiles config --local status.showUntrackedFiles no
echo "alias dotfiles='git --git-dir=$HOME/.dotfiles/ --work-tree=$HOME'" \
  >> $HOME/.bashrc

Yes, much less freaky.

Actually, do you know what is even easier? Just make a git repo in your home directory. No more overthinking. Rerevised recommendation:

git init $HOME
git config --local status.showUntrackedFiles no

Now! Go forth and steal other people’s dotfile tricks.
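
A git repo whose work tree is $HOME makes it easy to stage private keys or credential files along with the dotfiles. The pre-commit hook below is an added example, not part of the original notes; the function names is_sensitive and scan_paths and the pattern list are assumptions to adapt to the tools you use.

```shell
#!/bin/sh
# Added example (not from the original notes): pre-commit hook for a
# dotfiles repo whose work tree is $HOME. It blocks commits that stage
# files which usually hold key material or credentials.
# The pattern list is an assumption; extend it for the tools you use.

# is_sensitive PATH: succeed if PATH (relative to $HOME) looks secret.
# Note that in a case pattern "*" also matches "/".
is_sensitive() {
  case "$1" in
    .ssh/*.pub) return 1 ;;                       # public keys are fine
    .ssh/*|.gnupg/*) return 0 ;;                  # anything else kept there
    .aws/credentials|.netrc|.pgpass) return 0 ;;  # plaintext credentials
    .docker/config.json|.kube/config) return 0 ;; # registry / cluster tokens
    *.pem|*.key|*.p12|*.kdbx) return 0 ;;         # key and password stores
    *_history) return 0 ;;                        # history may hold secrets
    *) return 1 ;;
  esac
}

# scan_paths: read one path per line on stdin, report each sensitive one
# on stderr, and return 1 if any was found.
scan_paths() {
  found=0
  while IFS= read -r p; do
    if is_sensitive "$p"; then
      printf 'refusing to commit: %s\n' "$p" >&2
      found=1
    fi
  done
  return "$found"
}

# Only act when installed under the name "pre-commit"; this keeps the
# functions usable when the file is sourced elsewhere.
if [ "${0##*/}" = "pre-commit" ]; then
  git -c core.quotePath=false diff --cached --name-only --diff-filter=ACMR |
    scan_paths || exit 1
fi
```

Save it as $HOME/.dotfiles/hooks/pre-commit for the bare repo, or $HOME/.git/hooks/pre-commit for the plain one, and make it executable.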