Recently Apple replaced MobileMe with iCloud but they did not include a replacement for iDisk, the “remote disk” part of MobileMe. So it is time to search for something new and to rethink the external backup strategy for offsite backups…. The obvious replacement would be Dropbox, but with the recent security issues they had I was also looking for alternatives. It turned out most alternatives are really not as good as Dropbox, but Wuala got my attention… and so here it is, the Dropbox vs. Wuala comparison….

Supported operating systems and sharing

Both Dropbox and Wuala support OSX, Linux and Windows and are available on a wide range of mobile devices. On Dropbox the data can also be viewed through the Website, Wuala requires the Java plugin to be available (see below for the reason). Both systems allow to share files with other users and send out links to any user, so they can be used for sharing large files.

Security

The Dropbox folder integration

SSL is the standard for communicating with the servers, but the major difference between the services is that Wuala encrypts the files locally before sending them to the servers. This means that even Wuala cannot read your data as the password never leaves your system. However the drawback of the increased security is that files cannot be viewed easily through a Web interface and the Java plugin is needed to access the files using a Web browser.

Personally I think the security and privacy model of Wuala is far more advanced than the one of Dropbox, where employees of the provider can access the data (and even specify this right in the terms of use). Wuala feels more like a private, personal safe that no-one has access too, and this picture gets even stronger if you think about the fact that they are located in Switzerland and not in the US.

User interface and ease of use

Dropbox is super-simple and very well integrated into the Finder/Browser of the OS, Wuala on the other hand is very old-school. That is actually the reason why Dropbox is so popular, it is a no-worry solution. There is one folder that syncs, the icons on this folder show the status (uploading/up-to-date) and that’s it. No configuration, no scary dialogs, simple and effective.

Within the Wuala application the user is confused with too much information and it takes a while to get used to it. So there is room for user errors in the Wuala client, but on the other hand it offers more flexibility. For example it allows read-only backups and multiple sync-folders. However – it is more satisfying for tech users who want to control and configure stuff – but it completely misses ease-of-use, that makes applications popular these days.

Performance & Tools integration

The Wuala Application window

Performanc-wise it seems that Dropbox is faster than Wuala, one reason being that they do not transmit the full file but only the changed parts (a feature that Wuala will have pretty soon). To say it with different words: Dropbox is amazingly fast. It just works and syncs super fast. Will be interesting to see how Wuala performs once they enable partial file transfers as well.

Also a plus on the Dropbox side is the integration with other tools. By opening and documenting the API and giving other apps access to the data there are text editors, mobile apps, password managers etc. that all store their data on Dropbox. Wuala (based on its security model) does not offer that kind of integration.

What both services handle very differently (and not very well) are symlinks. While Dropbox uses them to sync folders that are not within the /Dropbox folder (challenging for backups that contain symlinks), Wuala simply ignores symlinks… both not ideal for a backup solution.

Price

The price of Wuala is (at the time of writing this) below the price for Dropbox ($129 vs. $199 for 100GB/year) and Wuala offers more choices and larger packages.

… and the winner is…

When I first started my investigation it seemed that I have two very similar services at hand… and indeed they share a lot of common features. But on a closer look Wuala seems to be more powerful when it comes to backup and syncing multiple folders. If Wuala would rewrite the OSX client to sit in the notification area and have Finder icon overlays like Dropbox I think it would be the perfect choice for keeping my files offsite. I also love the fact that they appear to be like a Swiss bank, with my data being my data, with them and no-one else having any access to it.

However Dropbox is so well integrated into other applications and it is really a “don’t make me think” application, so I need to keep the Dropbox client running for some of those apps (and the free 2GB version is good enough for that)….

Check out Wuala on your own (if you use this link you get some space for free).

Check out Dropbox on your own (if you use this link you get some space for free).

Well, everyone is talking about “the cloud” and cloud computing.. After SOA and Web 2.0 the cloud is the buzzword of the year 2009.

But what is it really, this “cloud”?

Well, Apple very well described in in a recent news announcement:

That’s it basically – it’s servers + virtualization with a new marketing name attached to it….

With the recent iPhone 3.0 release Apple included a feature called “Find my iPhone“, which allows users of the MobileMe service to locate their iPhone in case it has “switched owners”.
Now Kevin left his beloved phone in a bar and was able to track it down using the new feature… in his blog he describes his experiences and the hunt for the iPhone:

Read the full story….

PS: one feature that I miss would be to be able to remote-lock the phone, so it requires a passcode immediately after the message has been received.

To have my data secured I run (almost) daily backups using a custom script to my NAS system. Over there, at the great, little Linux box, runs a script that does daily increments using rsnapshot. There is also another script that keeps a copy on an external WebDAV server up-to date.
Implementing this was not that simple – as the NAS itself does not support mounting WebDAV servers natively I had to use a PHP script, which required patching the PEAR WebDav Client (digest auth, block size, stat entries) but eventually I got it working at a reasonable speed (8k block size does not make sense for a HTTP based protocol!). The big benefits – my computers don’t have to run to upload the data, the NAS is doing that work and it is running 24/7 anyway.

End of story, zero maintenance required.

Until I tried to switch from Bingodisk to Apple’s iDisk.

For some reason the backup on the iDisk always included hidden files, despite the fact that they have not been changed and already existed on the disk. Some simple investigation has shown that the iDisk server simply did not return any file that started with a dot (.). But why?
Packet sniffing revealed that there are some differences between the PHP request and the one sent by OS X, but even after modifying the PHP code there were no hidden files included. Last difference – the mysterious X-Source-Id header – but adding that also had no impact. Eventually, after digging in the source code, I figured the change that is needed – as stated on top of the InitUserAgentHeaderValue function:

IMPORTANT: The user-agent header MUST start with the
product token “WebDAVFS” because there are WebDAV servers
that special case this client.

Clear, concise and exactly what I needed to do – as soon as I sent this header iDisk responded with a file listing including hidden files!
I still have no clue why iDisk makes this difference, but it is good to know how to be able to run full backups including hidden files over WebDAV!

Everyone is writing about the new 2.1 firmware that Apple released for the iPhone – about improved battery life, increased 3G reception and so on. It is definitely a fine release with a lot of good improvements. But more important – what’s still missing in the 2.1 firmware? Here is my (incomplete) list of items that Apple should add to the next iPhone firmware:

• Copy & paste across applications (see comic)
• Synchronize Notes and TODO items with iCal and me.com
• Push notification service for applications (promised for September!)
• Usage of the phone as modem (“tethering“)
• Allow developers to talk about iPhone development in the public
• 3rd party syncing through iTunes
• Access to the iDisk through the iPhone
• Support for stereo Bluetooth headsets
• Real navigation (and a Bluetooth GPS extension for the first generation iPhone)

Don’t get me wrong – the 2.1 release is the best iPhone software they have delivered so far, but there is still a lot of room for improvement. Not only for the iPhone but also for me.com, which is insecure and lacks features like the iDisk sharing.

(Image from Geek And Poke)

Ja, laut Apple zumindest, ist SSL völlig unnötig. Warum und wie ich darauf komme, dies zu behaupten? Nun, ich maile schon seit einiger Zeit mit dem Apple-Support betreffend des Sicherheitsproblems von MobileMe. Und irgendwie kommt mir vor sie verstehen das Problem nicht – dass die Daten wie z.B. E-Mails, das Addressbuch oder Kalendereinträge unverschlüsselt zwischen meinem Rechner und den MobileMe-Servern übertragen werden. Was man nicht nur an der URL erkennen kann sondern sich auch sehr leicht mit z.B. Firebug, Fiddler oder Wireshark nachvollziehen lässt.
Nun schreibt mir aber der Apple-Support folgendes:

…die SSL-Verschluesselung stellt sicher, dass Sie mit dem richtigen Server verbunden werden und dass Ihr Benutzername und Passwort verschluesselt uebertragen werden.
Ein Aufzeichnen von Netzwerkverkehr ist nur moeglich, wenn das Netzwerk unsicher ist, d.h. das Passwort oder die Verschluesselungsart zu schwach ist bei WLAN-Netzen o.a..

Und genau darum geht es. Unsichere Netzwerke wie z.B. Hotspots. Oder einfach nur die Sicherheit, dass meine Kontakt-(Kunden?)-Daten nicht abgefangen werden können! Auf meine Bitte zur Klärung mit Technikern habe ich die folgende Antwort erhalten:

…es tut mir leid, dass ich nicht genauer auf die Sicherheit von MobileMe eingegangen bin. Tatsächlich basiert MobileMe auf Javascript und CSS, beides ist mit der neuesten Verschlüsselungstechnologie gesichert. Da alle Vorgänge auf unseren Servern ablaufen, ist kein SSL notwendig. SSL ist lediglich für den Loginvorgang notwendig, da dieser Clientseitig, also auf Ihrem Rechner passiert.

Aha. CSS ist also verschlüsselt. Genau. Und das Login passiert im Browser. Genau. SSL ist also wirklich völlig unnötig!