Dropbox (dropbox.com) has been getting a lot of attention in the open source community lately, mainly due to the fact that people think the client is open source.
Before i start, id like to say that i do think Dropbox is pretty neat and i also think close source has its place in the world, though i would always personally choose the open alternative.
Anyway… “Dropbox is not open?!?” you say, “But the source is available on their webpage?”. This is correct and very very wrong at the same time. The Nautilus plugin is open, but contrary to common belief, it is NOT the dropbox client. Once you’ve installed the Nautilus plugin (which is 66k) it will download 35megs of closed souce in the background into the folder ~/.dropbox-dist. Without asking permission.
The Nautilus plugin only does a few things like enabling the dropbox right-click menu, handling the icon-overlay in nautilus and so forth. Basically the Nautilus plugin only handles the “visual stuff”:
All the “real stuff”, network- and filewise, happens in a “small” 7.8meg (closed-source) daemon called “Dropboxd”.
The plugin talks to the daemon through a named pipe (fifo pipe) located in ~/.dropbox/. Dropboxd itself is made in python and compiled into a binary.
It uses a lot of well known libraries like rsync, zlib, the bz2-lib, SDL, libfreetype, openssl, sqllite ect.ect, all downloaded in binary form through the before mentioned background process and saved to ~/.dropbox-dist.I havent checked the licenses of the libs used, but i assume they all allow for closed source distribution.
It doesnt bother me that people make closed source software using open source libraries* (except when Microsoft does it), but what does bother me, is the feeling of being tricked into installing a closed-source app on my open source system.
* when they give a little code back to the community. Imagine how fast open source would move if all proprietery projects gave back 5-10% code.
- Dan
Comments
Thank you for the clarification about the client. That also explains why nobody just hacked together a server already. Thanks again. I will avoid dropbox now.
I am writing to FSF to investigate dropbox use of:
readline (GPL licensed)
rsync (GPL licensed)
freetype (FreeType licensed — requires acknowledgement)
zlib (you must not represent that you wrote the software)
libgcc (you must not distributed it unless linked into the executable)
dbus (requires acknowledgement of the origins)
John:
Really nice work on checking up on the licensing. And i can see Rsync is actually GPL 3.0, which i assume means they must also share any rsync modifications residing on their servers as well..
Im very interested to hear what FSF says, if they give you a reply :)
I realize I’m a bit late on this one, but I just came across an article in the latest issue of Linux Magazine, which talks about dropbox and its merits. And I’m with you, it’s a bit tricky. Frankly, I’d rather put some energy into an open-source equivalent and will probably take that on as my next little project.
IANAL but from what I understand, at least for GPL stuff. You can USE gpl stuff in close source software. But any changes you make to GPL stuff you need to make available. Just because I make a closed source program that uses rsync *as is* to transfer files I would still be ok. Now if I modified rsync in some way or fixed some bug in rsync that was giving me errors, then yeah I’d have to make that source code available.
I think the other licenses fall into that. Only exception is freetype since it sounds like you do have to indicate you’re using freetype. But like with zlib. If dropbox said they use a proprietary compression algorythym to speed up transfers, then they would be taking credit for zlib.
Again, can’t say for certaintity but that’s my understanding of it. I do know that the company I work for could grab rsync, modify it to our hearts content for INTERNAL programs and such. The GPL only kicks in if we distribute a program that uses our modified rsync.
forgot to mention that with all that said, dropbox should at least do a blanket acknowledgement like “built on some of the best open source software (link to page saying what they use) to deliver the best blah blah blah”
I still use dropbox though.
An opensource-ish alternative is to write wrappers around something like amazon’s S3 service. You’re storing the data in a proprietary location but the frontend, dropbox-like stuff, could be written in an open source app. I currently use Jungle Disk for this, which is closed source but they do make available code to extract the files from S3 if Jungle Disk were to go under.
Hi Todd..
No GPL is very restrictive. If you use ANY GPL code INSIDE or LINKED to your program, modified or not, the ENTIRE app MUST include the complete source everytime you distribute it. And im pretty sure that applies to internal-apps as well. It doesnt say you have to stick the code on the internet, just that anyone who receives a binary copy of your app, must be able to get the source as well.
If its LGPL, you may use the library (eg. librsync, if it is LGPL) in a closed source app, without providing the source for your own application.. However you MUST provide the source for the LGPL lib upon distribution, including any changes you may have made to the lib.
So either way, upon installing DropBox you should be made aware of any libs that are GPL/LGPL and receive instructions on how to get at copy of the source.
Also the GPL license itself MUST be included as well.
However, if your hypothetical app were to use rsync, (and lets say rsync is GPL), but it uses the rsync PROGRAM as-is, ie by execĂșting “/usr/bin/rsync”, then the SOURCE isnt linked to your application and you dont have to distribute your own code. But you still need to make the code for rsync available and include the GPL license .
is there an open source alternative? Hosted or on my own server doesn’t matter..
thx a lot for your replies
I second the request for an open source equivalent that could be hosted on our own servers
I think that a open source alternative would be Ubuntu One, though it is not cross-platform (will not work on linux) and as long as I know, it is still at it’s beta state.
If you own a server, than why don’t you use subversion?
typo: Ubuntu One will not work on Windows!
yeah. ubuntu one has got potential, but according to thier wiki, the server is proprietary and thus, not open source.
so you wont be setting up your own server any time soon. but if you dont need that,it looks really great.
Is there any open source script that can be use as a service and witch works on any platform ?
In fact there is a similar open-source project sponsored by Novell called iFolder: http://www.ifolder.com/ifolder
Be careful of ifolder. I have spent the better part of a week working with the latest version (3.8) and have been very disappointed. Although the tool has great potential, numerous client/server *critical* issues go unnoticed and everything appears to work just fine. Later, however, you find the the server rarely has copies of everything on your local machine - even though the synchronization process says everything is fine.
I poured through the log files and found many sync-related issues that were never reported by the client GUI (bizarre Policy-Type errors in the log file). In addition, the sync engine uses a DB to store the list of files to track. Unfortunately, if any file gets deleted on the server (by accident or otherwise), the sync engine never knows and you will be stuck with rebuilding your iFolder server.
I hope the guys at Novell will iron out these nasty bugs because I really don’t want my private data stored on external servers.
Still looking for a solid, open-source tool like dropbox…
The freetype acknowledgements is in ~/.dropbox-dist/ACKNOWLEDGEMENTS. Agreed with the post point of view.
dbus acknowledgements is also in the same file.
@Dan:
Be a lil more verbose when throwing statements like that about GPL around since there are both GPL 2 and 3 apps there. GPL2 you DO NOT have to open your whole app, just give back any changes to the GPL2 apps and provide a way to get the code for the 2 apps. now the GPLv3 DOES require that you open the whole app, and has yet to be tested and much like any other license that has attempted to do something similar in the past will be unenforceable and render the whole GPL3 null in a lot of states and countries if they do test it.
@Jason:
I’m sorry, but you’re mistaken. You are confusing GPLv2 with LGPL. LGPL does not require you to open up youre entire application, GPL does.. Any GPL does. Thats the whole point of GPL..
Furthermore, the GPL (with the “opening of the entire application”) HAS ben tested in court several times and has won several times as well. To name a few, D-Link lost in 2006 and in 2005 Fortinet was forced to make their FortiOS available free in compliance with GPL licensing.
You should try googling “GPL Violations”.
Well, here’s a free open-source DropBox alternative for Windows:
http://code.google.com/p/iqbox-svn/
It uses any SVN server. 3 days of coding and it already is great but the user must know SVN- Things like cleanup and dealing with conflicts aren’t supported yet.
.. Real-time sync (detects file changes automatically, syncs 20s later)
.. Only uploading parts of a file that change
.. If your SVN server supports it, SSL.
@Simon
Yeah, but unfortunately, its windows ONLY.
Yup I know.. I’m waiting to see the level of need. If its high I’ll move it to something cross platform.