Comment by acheong08

4 months ago

I regret open sourcing my reverse engineering of Obsidian Sync. I did it mostly for personal use but thought it might be useful for others. After a bit of cat and mouse, they fixed all the "vulnerabilities" that let you change the sync and publish endpoints, and now I'm still stuck using a very outdated version. I recently found another way to get it working on iOS again, but definitely not publishing it.

Why do they consider it a "vulnerability" that you can change configuration of software running on your own computer? I've heard a lot of good things about Obsidian before, but hearing that basically burns it all up and means I'm going to strongly recommend nobody buy anything from them anymore.

  • Obsidian distributes their software for free, and makes money on a core plugin called Obsidian Sync (note that it is not open source). Obsidian Sync relies on their cloud to offer e2ee file sync.

    Obsidian also has a rich plugin ecosystem with lots of open source plugins that are available and serve the same purpose (and you can use gdrive, dropbox, etc too).

    It makes sense to me that they released a proprietary privacy and security focused plugin (that is their core business) and they don't want other plugins to be able to arbitrarily change the server that their plugin is pointed at.

    Suppose they have a government customer who is using Obsidian Sync and the sync URL can be changed easily via configuration changes -- now the customer believes they are using Obsidian Sync, but actually their data is going somewhere else.

    I don't think you would be surprised to find that e.g. a dropbox daemon has protections to make sure it is pointing at dropbox.com. Why would you expect Obsidian to be different?

    (disclaimer: I work on a different plugin that adds file sync and collaboration features to Obsidian)

    • My opinion is that they should have a rule such that plugins from the official list can't modify the sync URL, to prevent abuse and phishing, but the user should still be able to do whatever they want. The process for manually adding a plugin is already enough friction for users to be aware that what they're doing is not "safe".

  • They believe that through licensing ultimatums you can give that ownership right up, and oligopolies and governments have agreed.

I always just stick my Obsidian vault in iCloud and call it a day. No additional sync service required.

  • This worked for me until iCloud started cache clearing all my files aggressively so my vault would take ten minutes to open on iPhone. Every few days.

    When I tried to copy my vault off iCloud, the copy failed and two years of notes were permanently lost.

    I’m never putting anything of value in iCloud again.

    • Flashbacks to the time I copied iCloud pointers/placeholders thinking I was actually copying files with actual data. Oh well, who needed those few years of documents anyway.

    • FWIW it has an option these days to keep folders permanently downloaded/local.

  • This works very well, been doing it for years. Even works flawlessly for me on Windows using the iCloud client.

    • Really, how? When I add a new page on my Windows client, it never reaches my phone and is stuck in some weird refresh icon state.

      I tried this on a Windows laptop and another main machine. I just ended up keeping my iPad nearby.

  • This gets complicated when you want your vault accessible across linux/windows/android/macos/ipad.

    The iPad is the real stick in the mud, and I don't want to deal with an iCloud staging zone for everything else, or try to get iCloud syncing on linux/android.

    • > you want your vault accessible across linux/windows/android/macos/ipad

      For that, I use Syncthing [1] in addition to iCloud. It works exceptionally well – I see my edits in real time across different devices.

      [1] https://syncthing.net/

Why not create your own plugin? Or use Syncthing, Git, LiveSync, Remotely Save, etc...

This sucks.

As a free software enthusiast, this screams "don't invest time in closed ecosystems".