Dropbox gets all up in your kernel with Project Infinite. Cue uproar

Dropbox is on the defensive after revealing its file-sharing service will in future tap into the very heart of your computer’s operating system. Project Infinite, unveiled in April, will take Dropbox out of the browser on the PC or Macs and integrate it directly with your machine’s local file storage. Items stored in your …

  1. James 51
    Flame

    It is handy being able to treat dropbox like a local folder but this is not worth the risk this entails. The browser it is.

  2. Voland's right hand Silver badge

    Why kernel driver?

    What's wrong with fuse?

    1. NE-bot

      Re: Why kernel driver?

      FUSE was too slow according to the post

      1. Adam 52 Silver badge

        Re: Why kernel driver?

        Too slow for something that's syncing over the Internet?

    2. Ken Hagan Gold badge
      Paris Hilton

      Re: Why kernel driver?

      "In Windows, Dropbox will implement Microsoft’s Copy Hook Handlers, COM objects implemented as DLLs and called by the operating system shell. "

      So on Windows, Dropbox is actually using a user-space file-system extension. The article is misleading on that point.

      But yes. Who on earth thought that a file-system at the end of an ADSL link was sufficiently performance critical to require a kernel implementation?

      Breath-taking idiocy!

      1. jzl

        Re: Why kernel driver?

        Do you really think the people at Dropbox are idiots? Really? That's slightly idiotic itself.

        The performance they're concerned about isn't the upload / download link.

        They're building a version of the Dropbox client that virtualises files when your hard disk is full. This is a real problem in business environments where people are running terabyte sized Dropbox accounts on laptops.

        The performance they're concerned about is the filesystem overhead of every single file access in the system having to go through the Dropbox code to check first that the file actually exists. Even if the file isn't in the Dropbox folder, the filesystem will have to make a call to the Dropbox extension. You can very quickly make a system laggy that way.

        The reason they don't want to use FUSE is that it doesn't really solve the performance problem, as your code still runs in userspace and so requires a context switch, which is very expensive.

        Anyway, point being, you may not agree with them for various reasons but they're definitely not idiots. They have non-idiotic reasons for wanting to do this.

        1. Anonymous Coward

          "virtualises files when your hard disk is full."

          I guess the reason is to avoid syncing GBs, if not more, of data, especially when your local disk has chances of being smaller, and the connection not so fast. If you can just sync metadata, and then read/write files on demand, it looks "faster".

          Their idea is probably to work like SMB (or the like) does: you see remote files, they can be cached locally when needed, but you don't get a full sync unless you explicitly require it for some - or it will truly fill your disk if you're a heavy user.

          But if the OS and software are well designed, only when trying to access the Dropbox "namespace" should code try to access the remote data. And if metadata are already synced there's really no reason they shouldn't be available in user space for a quick check. Sure, if you're going to look into file contents then there will be a lot of kernel calls to access the files - but then the bottleneck will be the network speed and latency, not the context switches - which also are now handled by specific CPU instructions to minimize the overhead. Anyway, context switches are there to protect the kernel from user space code - the overhead is due to access checks and other security features.

        2. Vic

          Re: Why kernel driver?

          "Do you really think the people at Dropbox are idiots?"

          I never used to...

          Vic.

        3. Nym

          Do I think the people at Dropbox are idiots?

          Well, yes, I know they are. When it was first implemented they tried to make me pay for it twice and finally finagled me into paying for the extended version. The 'tech' people I talked to thought it was funny I couldn't use it. But, each person has their own opinions, like mouths and other physical appurtenances, some of more use than others. I'm simply not in the mood for vulgarity today. I know I'm an idiot, why display it with monkey-words and monkey-tricks?

          Yes, this is designed for others to flame me. Blame my run-in with the VA. No, I am not insulting the author of the comment to which I am replying. However, they definitely are idiots.

      2. Anonymous Coward

        Re: Why kernel driver?

        CopyHook handlers are just to control what you can do with an item, i.e. deny a copy/move operation - and AFAIK from the Shell only (which means command line operations will go through anyway).

        To access remote files on Windows you have two ways:

        1) Implement a network redirector. This requires a file system driver, and some user space executables (DLLs, services) depending on the needs. That's how, for example, SMB is implemented in Windows. Pro: it allows any file-related API to work. Cons: more difficult to write, and riskier (BSOD or critical vulns), no UI tailoring.

        2) Implement a Windows Explorer Shell Namespace extension. That's just some COM userland code. Pro: easier to write, less risky, UI can be tailored. Cons: access only using the Shell API.

        For full support you may usually need to implement both.

        More info here:

        https://msdn.microsoft.com/windows/hardware/drivers/ifs/what-is-a-network-redirector-

        https://msdn.microsoft.com/en-us/library/windows/desktop/cc144095%28v=vs.85%29.aspx

        1. JamesWRW
          Mushroom

          Re: Why kernel driver?

          This is what they want to do on OS X too. It seems that Windows has a userspace means of achieving this, but OS X requires a kext. The way to allow/deny filesystem actions on OS X is via kauth. Guess what the 'k' stands for.

          I've written a kauth kext. You have a minimal kext that says I'm interested in filesystem actions a/b/c. You get notified when interesting stuff happens and your kext should then inform your userspace component that stuff is happening. The userspace component does the donkey work and lets the kext know whether to allow or deny.

          The kext undoubtedly adds a potential source of panics, but the kext should be absolutely minimal: get notification, tell userspace, get response, allow/deny.

  3. AndrueC Silver badge
    Stop

    Sounds like a lot of risk for too little gain. And..surely they mean they are now using IFS not Copy Hook handlers? Did they try CHH then fall back to IFS? I struggle to see how anything going on on the local machine can be a performance bottleneck if you are getting data over the internet.

    Edit: Ah! I get it. With Windows they can use COM, but under Linux they have to hook into the kernel.

    Anyway it all sounds too hairy for my tastes. I'd rather they not do it.

    1. Zakhar

      But the article is very unclear, it says PC, I assume as a synonym of "A PC running Windows".

      ... In my vocabulary, a PC is hardware on which you run the software you wish (unless it is blocked by so-called-"secure"-boot).

      And nowhere does the article say "Linux". So I will assume again this is only W$ and Mac.

      Anyway I don't see such a piece of code making its way into the Linux kernel... and if they manage to convince a distribution to add their piece of code, you just don't use that distribution.

      FUSE is enough for me when I want to back up my files on the cloud (which I do on hubic)

      1. jzl

        "... In my vocabulary, a PC is a hardware on which you run the software you wish (unless it is blocked by so-called-"secure"-boot)."

        Your vocabulary is different to common usage. Since, well, the dawn of time, PC has meant "computer running DOS or Windows" to most people. We know there's a difference technically, but that doesn't change the common usage.

        1. Alan Mackenzie

          IIRC, the term "PC" was in use before the IBM PC was released. It simply meant a "personal computer", of which there were quite a few types around. IBM purloined the term.

        2. jelabarre59

          "Your vocabulary is different to common usage. Since, well, the dawn of time, PC has meant "computer running DOS or Windows" to most people. We know there's a difference technically, but that doesn't change the common usage."

          Doesn't stop me from giving grief to companies that casually mis-use the *correct* definition of "PC", and complain that they are saying "PC" yet have no Linux support. May not get them to port to Linux, but entertaining nevertheless.

          1. AndrueC Silver badge
            Facepalm

            Reminds me of many (many, many) years ago when there was a series of letters published in Amstrad User, I think it was, asking what 'CPC' stood for as in 'CPC464' and 'CPC6128'. It took three more publications (three months I guess) before someone wrote in to say that in one corner of the main unit/keyboard were the words 'Colour Personal Computer'.

            Sad to say I'd missed that as well despite being a proud owner of a CPC6128 for nearly two years.

  4. Bronek Kozicki

    first thing first

    Copy Hook Handlers are never called by Windows kernel, they are in-process libraries called only in user mode by Windows Explorer (i.e. what purports to be shell under Windows).

    The whole uproar seems to be about bastardization of BSD-derived kernel of OSX. In which case, let me be allowed to cite from a comment above "What's wrong with fuse?"

    1. zanshin

      Re: first thing first

      Yeah, that was my thought as well. The Windows version, at least as described in this article, seems like a fairly pedestrian Windows Explorer extension. It sounds like the OSX version is the one with an eyebrow-raising implementation. Aware of its implementation, I wouldn't be very keen to install that either.

      Responses like Dropbox's, which we see all the time from vendors, saying how they've run it for however long and "battle tested" it, annoy me greatly. That's absence of evidence that it's exploitable, which is not the same thing as evidence that it's secure. Saying they had it penetration tested and/or externally reviewed would still not be iron-clad proof of security, but would at least better suggest they really understood the potential risks of their design and took serious steps to mitigate them.

  5. Anonymous Coward

    dropping Dropbox

    I don't use it a lot, although it is convenient. Too bad though.

  6. P. Lee
    Holmes

    "Clunky at best in a web browser"

    Wassat Sherlock? A web browser is not an OS? Heresy!

    I have some sympathy for the idea of a kernel-based system, in that we'd expect other remote storage protocols such as iSCSI to live in the kernel, and we'd also expect proprietary device drivers to be in the kernel, but (and it's a big but!) I think the main issue is that we just don't trust web2.0 companies to behave properly. Would I trust Javascript devs with my kernel?

    No.

    But then again, cloud storage is not for me either.

  7. MrTuK

    It's simple - No way in this lifetime buddy, no way in hell !

    Luckily I don't use Win 10 so No Xbox, No OneDrive, No Cortana with Bing and now no DropBox either :)

    Here I am smiling all the way to security !

    1. Dan Wilkie

      Meh, my home PC is only used for games and netflix so they can take all the telemetry they want, my onedrive consists of a bunch of D&D sheets, and my XBox is also just used for gaming.

      If any of that gets compromised then oh no, I'll have to reinstall a bunch of unimportant things.

      The laptop that I use for work and banking and anything slightly sensitive is set up to distrust everything on the home LAN just as much as it distrusts the internet as there is no need for it to talk to anything else on the LAN.

      You don't have to deny yourself nice things in the interest of security, you just need to be smart about how you implement them, same as anything.

  8. OviB

    Rest assured they know their users. Whoever still uses Dropbox is clueless and they (and their associates paid from taxes) perfectly understand that. So Condoleezza come, enter into my kernel too.

    1. Tchou
      Flame

      Exactly my thought, they drop[box] back doors for front doors.

  9. Mage Silver badge
    Devil

    browser is “a clunky user experience at best”

    Well, I'd not touch these opaque web based cloud providers with a bargepole.

    I use SFTP and a graphical GUI.

    I'd not trust Dropbox to support random not current or very popular OS, or do security or privacy properly.

    1. Anonymous Coward

      Re: browser is “a clunky user experience at best”

      Quote: "... and a graphical GUI"

      I wasn't aware that there was any other type of GUI other than the graphical variety! Please do tell more.

  10. Anonymous Coward

    future is for the braves

    Accessing files that you actually want to upload or share is so 2000s. The rest of the files are more interesting, and doing it from the browser is rather challenging. It's so inconvenient and expensive with all those patches coming all the time... So let's go for the throat, let's do it in the kernel. The future is for the braves.

  11. Anonymous Coward

    I don't need dropbox to be a filesystem

    Just give me some linux command line tools that allow me to do a remote ls and get/put/sync files please.

    Or better yet, ditch your semi-proprietary system and allow people to use scp/sftp to transfer files back and forth with an ssh login to manage them.

    Oh wait, that's just like a remote account. Which I've already got. Sorry, what's the USP of Dropbox again?

    1. James 51

      Re: I don't need dropbox to be a filesystem

      Bit hard to sell reliable technology that's older than the devs to vulture capitalists.

    2. jzl

      Re: I don't need dropbox to be a filesystem

      That's fine for you and the others who can use a linux command line.

      Not so good for my father-in-law, though. Most people don't use Linux, don't know what a command line is, and have the barest understanding of computers overall. Any system which fails to take account of this basic fact is flawed by design.

      Given that Dropbox is famous for their user experience, I don't see this happening. And rightly so.

      1. Anonymous Coward

        Re: I don't need dropbox to be a filesystem

        "Given that Dropbox is famous for their user experience,"

        Uploading files is a user "experience" now is it? Wow, guess I didn't get that memo.

        " I don't see this happening. And rightly so."

        Why not? I never said it had to be either-or, they could easily do both if they really want to appeal to all. Which seems to be the case if they're developing a linux kernel module.

        1. jzl

          Re: I don't need dropbox to be a filesystem

          The whole Dropbox app is more than just "uploading files" clearly. It's a complete user experience that is incredibly straightforward and reasonably intuitive, even for non-technical computer users.

          If you disagree, that's fine, but you have to come up with a theory that explains the relative success of Dropbox compared to, say, rsync.

          1. Anonymous Coward

            Re: I don't need dropbox to be a filesystem

            "It's a complete user experience"

            Do yourself a favour and knock the buzzword bullshit on the head. You only make yourself sound like an idiot. Using a file syncer is not an "experience", well, not unless you've spent your whole life locked in a box. Have you?

            "If you disagree, that's fine, but you have to come up with a theory that explains the relative success of Dropbox compared to, say, rsync."

            I'm not saying do command line tools for everyone, just for experienced linux users - which most are. Is this too hard for you to comprehend?

      2. jzl

        Re: I don't need dropbox to be a filesystem

        I love the Register.

        I mention that most people don't use Linux and get a thumbs down, for what is an empirical fact. And don't say Android - this whole thread is about the desktop.

    3. phuzz Silver badge
      Facepalm

      Re: I don't need dropbox to be a filesystem

      If you're happy using scp/sftp, why even consider Dropbox? The whole point of Dropbox is making internet based file storage really easy to use, so people don't need to learn what rsync is, or have to set up their own file server.

      You might as well complain that Cbeebies doesn't contain enough gritty realism for you.

      1. Anonymous Coward

        Re: I don't need dropbox to be a filesystem

        "If you're happy using scp/sftp, why even consider Dropbox? "

        Why can't I use both? scp on linux, the fluffy GUI elsewhere.

  12. hellwig

    What do Competitors Do?

    What does Box or Google Drive or (is this still around) Amazon Cloud do to provide the same service? Are people already installing these types of applications on their computers?

    1. Mark Allen

      Re: What do Competitors Do?

      This is where it can get funny. I have Home User or Small Home Business clients who have installed half a dozen different cloud services without even realising.

      They get sent one file as a Dropbox link, but then end up signing up for Dropbox in error and installing the application. (Very aggressive website that one, designed to confuse) We then add OneDrive from their Win10 upgrade. Office 365 adds OneDrive for Business.

      They then updated iTunes and along came iCloud... so they click on it because their Apple "Genius" told them it would bring world peace. And they then wonder why their copy of Outlook 2010 has now gone mental.

      And just to get the full set, they have a Google Drive running - but nothing in it. And no idea where that came from.

      Oh yeah... and don't forget the OEM clouds that the laptop makers try and sell. Demos installed and never removed.

      Add in a dozen apps that are all busily checking online for updates, or "syncing" settings... and it does start to get a little bonkers.

      Sometimes it is amazing that computers manage to boot up at all!

      1. Boothy

        Re: What do Competitors Do?

        Adding to the confusion. If you're on a Windows version that doesn't come pre-installed with OneDrive, the current Office 365 (i.e. Office 2016) installs both the consumer and business versions at the same time!

        So you end up with two OneDrive entries:

        > "Microsoft OneDrive" (OneDrive.exe) and

        > "OneDrive for Business" (GROOVE.EXE).

        Both programs have exactly the same app icons as well!

  13. frank ly

    My Dropbox is integrated right now

    I'm running the Dropbox client for Linux on my machine right now, no browser used. It runs as a user and synchronises the contents of a folder in my filesystem.

    There is a 'Dropbox for Caja' (super-duper full integration, it claims) that asks for Administrator rights but I don't use that one. The one I do use has Dropbox integration options in the context menu. However, it always sets itself to run at startup, so I only run it when I need it and kill its startup setting if I can be bothered. They are sneaky and seem to be getting even more sneaky, with no need or benefit to the user.

    1. Steve 39

      Re: My Dropbox is integrated right now

      Mine seems integrated now too on OSX. It appears in Finder, I can open and save files from/to it from Open/Save dialog boxes. All from the Dropbox app I downloaded from them ages ago. I never use the web browser.

      How is this different?

    2. Anonymous Coward

      Re: My Dropbox is integrated right now

      "I'm running the Dropbox client for Linux on my machine right now, no browser used. It runs as a user and synchronises the contents of a folder in my filesystem."

      Perhaps I'm just old fashioned and not hip enough, but I don't want a background process automatically sync'ing files to a remote site. And if you have to ask why then you probably won't understand the answer. Any linux user worth their logon can write a script to automatically sync given the correct command line tools if they need that functionality.

  14. Bucky 2

    I feel like what I'm hearing is that they're re-inventing NFS (for some reason).

  15. interval

    Put your que in your ****

    "Que uproar" as if it were some mindless knee-jerk reaction. Users are justifiably in an uproar at this latest corporate indiscretion. Que my justified rage.

    1. wdmot

      Re: Put your que in your ****

      ¿What?

      1. Jeffrey Nonken

        Re: Put your que in your ****

        I think he's conflating "queue" with "cue".

        1. jzl

          Re: Put your que in your ****

          I wanted to get in with that comment, but it looks like I'll just have to stand in line.

  16. Anonymous Coward

    I always found Dropbox invasive, anyway

    This just seems like the next logical step, which I would expect from them.

    I haven't used them in years. Can't use it at work -- IT dept won't allow it -- and the integration on my home machine was irritating.

    Sure, there are risks involved, but for those who use Dropbox to begin with, blurring the lines between systems is nothing new. Worth the risk to many. And they'll just suss out the fixes as problems arise.

    Just like all the other SW that's wedged in there nice 'n' tight.

  17. Hstubbe

    users don't care

    And again it is the poor sods that are going to suffer. Sure, a bunch of nerds, geeks and commentards cry out in dismay and declare a boycott, but the average user will just click 'ok' when the pop-up dialog promises them faster dropbox when they upgrade and have their machine owned by yet another yankee data guzzler. I pity those who don't have a clue!

    1. TheSkunkyMonk

      dialog promises them faster dropbox

      ahhh that reminds me of the Bs spouted on every release of the windows installer after 3.1 also shocked bill didn't put a patent on that one

  18. Dieter Haussmann

    Remind me why they gave Condoleezza Rice a top job.....

    That was enough for me.

    1. TReko

      Condee wants to read all your files now, not just those in your DropBox. Kernel access allows this.

  19. Down not across

    Leave my kernel alone thank you very much

    “We’ve been running this kernel extension internally at Dropbox for almost a year and have battle-tested its stability and integrity,” Dropbox wrote, adding: “After careful design and consideration, we concluded that this kernel extension is the smallest and therefore most secure surface through which we can deliver Project Infinite.”

    The statement continued: “We understand the concerns around this type of implementation, and our solution takes into consideration the security and stability of our users’ experience, while providing what we believe will be a really useful feature.” ®

    Pardon me if your "consideration of security" does not convince me. Of course you would believe it to be useful feature. I don't.

    That extension won't get anywhere near my kernel. Why, indeed I don't trust you and you won't get kernel access to my machine.

    1. jzl

      Re: Leave my kernel alone thank you very much

      If you don't trust them, why are you giving them access to your files in the first place?

      1. Down not across

        Re: Leave my kernel alone thank you very much

        "If you don't trust them, why are you giving them access to your files in the first place?"

        I never said if I did or not.

        As it happens, I did use them a long time ago to copy/share some encrypted files across different platforms.

        That is quite different from the trust required to give them kernel access.

  20. Oengus

    Battle-tested my Ars...

    "We’ve been running this kernel extension internally at Dropbox for almost a year and have battle-tested its stability and integrity"

    "Battle tested" on corporate computers that have controlled configurations... I doubt they have hundreds of thousands of differing hardware and software configurations let alone differing patch levels.

    1. gap

      Re: Battle-tested my Ars...

      They probably mean battled-tested by someone in the marketing department.

  21. Anonymous Coward
    Linux

    As Jeff Goldblum would say:

    "Yeah, yeah, but your scientists were so preoccupied with whether or not they could that they didn't stop to think if they should."

    (As you read that, imagine Tux with pterodactyl wings)

  22. Tom 64

    hahaha

    That's some more software to add to the toxic crap list, along with anything from Adobe.

    You don't get to call something 'battle tested' until it's been on the net and had every APT in China or Russia try to exploit it for a year. Corporate networks do not count.

  23. jzl

    I don't get the fuss

    Given that most hardware makers already have unfettered kernel access for their drivers, I don't see that this is too much of a problem. DropBox is likely to write much tighter code than most of them. RealTek audio, anyone?

    Besides, Dropbox already have access to everything of worth on my computer. That's kind of the point.

    What more have I got to lose than if hackers simply hacked the existing Dropbox client, which would already be the worst possible outcome?

    1. KroSha

      Re: I don't get the fuss

      In which case, sir, you are an idiot. There is a massive difference between hardware kexts and a data copy agent. Even if they "hacked the client", that's a user process, not a kernel one.

      Currently, Dropbox has access to one folder on my system. The only non-trivial item in that folder is an encrypted .dmg, to which Dropbox does not and will not have the key.

      Anyone who gives an online syncing service "access to everything of worth on my computer" deserves everything they get.

      1. jzl

        Re: I don't get the fuss

        I'm not an idiot. I just don't feel the need to wear a tinfoil hat. Unlike you, clearly, with your encrypted dmg file.

        Which defeats some of the best features of Dropbox, I might add. Every time you change anything in your dmg file, the whole thing gets synchronised. That means you lose file-by-file versioning. You also lose file-by-file synchronisation. If you have one file open on one computer and another open on a second computer, you have the entire .dmg file locked on both machines. That will mean that, at the best, you'll end up with a conflicted copy duplicate of the entire thing. At worst, you run the risk of overwriting changes.

        And I'm the idiot?

      2. Warm Braw

        Re: I don't get the fuss

        "There is a massive difference between hardware kexts and a data copy agent"

        Not really - once you've got kernel context it doesn't really matter what you say you are going to do with it. At least you know Dropbox is going to have access to your data and can choose not to use it. Do you really know what your drivers are doing?

  24. jzl

    Copy hook handlers

    Are not kernel extensions. They're vanilla user-space part of the Windows API. I'm frankly pretty surprised that Dropbox isn't using them already actually. Nothing remotely unusual about using copy hook handlers.

    Also, this article talks about moving out of the web. Dropbox is already out of the web. It provides Native applications which run on the desktop in the background, and it always has.

  25. jzl

    Facts

    I've actually read the Dropbox post now.

    As far as I can see, this only applies to the Mac client (I assume to the Linux client as well eventually). The Windows client does not need the kernel extension, as Windows provides appropriate user space hooks.

  26. BongoJoe

    I use Dropbox as a first port of call backup thingy as it's useful when one is on the road.

    I use SyncBackFree to determine which folders I want to have backed up and that copies files to the Dropbox folders on schedule and that's it. No dicking around with browsers (unless I need something) and then that's sufficient for my needs.

  27. Anonymous Coward
    Trollface

    Epic fail by MSFT

    Windows BAAAD

  28. Slx

    OK, so I get a security hole and no real benefit unless my HDD is totally full.

    I already have very straightforward access to my Dropbox folders on OS X as if they're local...

  29. Stuporhero

    Good idea if implemented properly!

    This has given me a cracking idea. I've been meaning to put my RasPi2 to some use and a SMB <-> Dropbox proxy that doesn't touch my other devices' OS kernels would be perfect!!

  30. Brian Allan 1

    Nope, not on ours...

    Nope, not getting installed on our machines. Too high a risk of "invasion"!

  31. Federal

    They need to be sure the ransomware gets ALL your files

    Make sure it's fully attached and accessible as a "local" set of files.

    Wouldn't want the encryption daemon to miss any cloud based backups!

  32. Anonymous Coward

    An even better attack vector for governments and hackers to get at your system.

    I hope their service has a way of not using the kernel extension otherwise it will be the end of my subscription. There are plenty of other similar services now that are all eager for my money.

  33. Anonymous Coward

    Will be outlawed for most people at large companies

    There is no way on god's earth that a lot of large companies will allow this to be used on a system that also contains their data. i.e. Not just the company owned systems, but also the personal systems that just have incidental use business data on them.

    Unfortunately this is another great idea that has built a head of steam in a small group in the valley without understanding how the real world will respond.
