Unfortunately, it only works with Macs and Linux boxes (not Windows).
-Ian

I haven’t written or tested this, but see if you think it sounds good:

1. User submits an encrypted zip file. Encryption method should be e.g. AES256 and the key needs to be known to the DropAndCompute script.

2. When the receiving Bash script spots it, it copies it to a secondary, non-dropbox-synced folder before unencrypting, unzipping and submitting the job.

3. If the user drags a *.debug file to the shared folder, it is copied over to the secondary folder where it is actioned and the debug results copied back to the share for the user to see. This step requires no encryption.

4. If the user drags a *.kill file to the shared folder, it is copied over to the secondary folder where it is actioned and the results (just a log file) copied back to the share for the user to see. The secondary submission (unencrypted) folder is deleted. This step requires no encryption.

5. The Bash script has to monitor the log file or the queue to detect when the job has finished. When it has, the secondary folder — now containing the result files too — is encrypted, zipped and copied back to the share for the user to see. The secondary folder is deleted.

The main disadvantage over the clear, unencrypted form would be that the user does not see outputs as they are generated; however, this seems minor.

-Ian

The NGS is currently looking into this/something like it using the idea as we have a fairly significant issue with the location of the resulting data since significant user communities won’t have a clear understanding of the implications of things such as the patriot act.

What would be interesting for example would be that the same simple idea as DB could be used by large data repositories such as UKRDS and the BBSRC data store. The key here is a standard interface that the simple tools can connect into.

Regards

David

Technical Director, UK NGS

To clarify the bit about the “Patriot Act”….
Yes, currently Dropbox shares pass through Amazon S3 servers in the USA.
On the positive side, as soon as you drag your folder of inputs/outputs out of the share, it is gone from the US based server. Data on the servers is also encrypted.

On the negative side: the encryption key is owned by Dropbox. It is possible to do user side encryption oneself, but this is a little tricky as obviously result files are generated by this approach. Also, deleted data on the server can be undeleted. This used to be unlimited versions forever, but now one has the choice of not keeping deleted files, but they do hang around for about 30 days I think.

In the long run we need one of two things:
a) Amazon is moving to keep European data in Europe, on its Dublin data centre. We need to encourage Dropbox to support this.
b) Dropbox could support user-side encryption.

On the Dropbox web site
http://www.dropbox.com
there is a Votebox area. All us Europeans should vote for the above!
-Ian