 I've been using Sync thing for, well, I did a video about it three years ago, but I know I was using it maybe a year or two before I did a video. The project's been around a while. I've been using it for a while. It is a great project and it's still my go-to system for how I sync all my data between my desktops, my laptops, or even my servers. Now, you're probably saying, well, Tom, didn't you do a video on NextCloud and why don't you use NextCloud? It's an amazing project and you're not wrong. NextCloud is outstanding as a project. I don't know of any flaws in security related, but we're going to talk about why I use Sync thing versus NextCloud. And it comes down to, I know NextCloud is convenient, but Sync thing has a smaller threat surface. And that is a big factor in the data that we're synchronization is how much exposure do you want to have. If you're not familiar with the term threat surface, it's going around a lot in security because threat surface refers to just how big your risk is, what are all the attack factors that could be attacked with Sync thing. It's much, much narrower and much easier to manage the threat surface versus NextCloud. Before we dive into that topic a little deeper with Sync thing, let's thank a sponsor of the channel. So, this is IT training you'll want to watch with IT Pro TV. These people are great. They have some excellent plans and we reached out to them. We weren't pursued by them as a sponsor. We pursued them to sponsor us. And one of the reasons why is we just kind of figured with me doing all the IT training, people always go, how can I learn more? How can I get certified? How can I dive deeper into a topic that you don't have time to cover? You just don't know, Tom. And that's true. I don't know. We use IT Pro TV for a bunch of our training. My staff uses it here. They all have accounts. As part of the business plan, as part of the offerings, we encourage everyone to keep going and furthering their knowledge. And they have an entire class related, slightly to what we're talking about today when we talk about reducing threat surface, intro to incident response, part three. They have an entire series for the EH counselor certified incident handler. And there's a lot that goes into the state offer, computer hacking and forensics investigation incident handler, certified encryption specialist. These are things that are really handy to know and understanding how the knowledge of how security works and some of the functional, especially when it comes to the legal side of it, is really important. And of course, as we're talking about reducing our threat surface here, they're going to have a lot of discussion about, you know, all the different methods of attack. And after you're done watching something like that, you frequently go, how can I reduce my threat surface? The more time he's been in security, the more time he's been thinking about it. So check out IT Pro TV. We have links to them and many other sponsors of this channel down in the description below. All right. Let's jump over and talk about these topics. Protecting your data, the self-hosted productivity platform that keeps you in control. Now, I really do like NextCloud as a project. They do have a ton of features. They have a lot of big companies. It's a well-mature, updated project. It means it does get a lot of attention if there were a security flaw in it. So you, despite having a lot of exposure, you're running an entire web server that you're allowing internet access to, to synchronize not just files, but be able to collaborate in documents, that is a wonderful feature of NextCloud. I really like it from that standpoint. I mean, you've got calendar sharing, everything else. I really do like the project. What do I use SyncThing for instead though? Well, the only real crossover between NextCloud, I mean, NextCloud supports file synchronization, but of course, that's the only thing SyncThing does. Without all those fun, fancy features, obviously you just have less to update and less risk. And for my use case, it works really well. So the SyncThing project's been around for a long time. I've been using it for a long time. It's one port with TLS security synchronizing files. Now it doesn't get into the side of encrypting any of those files. It doesn't get into the side of encrypting data at rest. It's a transport method to synchronize files. All the transport layer it uses is very well secured and it will go over the security principles real quickly how it works, which their documentation, by the way, is quite in depth and well written. So security is one of the primary goal, project goals. This means that it should not be possible for an attacker to join a cluster uninvited and it should not be possible to extract private information from the intercepted traffic. Currently this is implemented as follows. And what they're saying here is they have a key that is not easy to crack with TLS. So if you wanted to join my group of SyncThing vial synchronization, you would need to have that encryption key. Not only would you have to have it. Even after you have the encryption key that you use to get to one SyncThing joined to another SyncThing, there is still a series of prompts in SyncThing that someone has your encryption key and they would like to join and then it takes manual action on your part to get the system to join and then another manual action to share those files. This can be more automated. You can force levels of automation into it once you've shared the key to auto join certain things. But that would obviously reduce the security. So I have it set to the normal stock method, which default is, it's not going to just allow someone. So even if I were to show you or let you have access to my keys and the IP addresses that connect this, it still wouldn't join without me manually intervening. So right there, it's obviously a lot more challenging to get in. Other things I do on my SyncThings, I know the IP addresses of the machines. Well, I have static machines. I have a free NAS here and I have another SyncThing set up at an offsite location that has a static address. My laptop is all over the place, so it has a dynamic address, but via a VPN into the office, I can always get back to my SyncThings servers and SyncThings. That being said, I turn off global discovery, natural reversal, local discovery, and relaying. I just don't need those features. This specifically is our local free NAS that we have here and it keeps everything up to date as I create files. I have it running on my laptop, I have it running on my desktop and this allows me to immediately, as soon as I make a change to a file, it senses that change and a change propagates across all the locations and that change has revisioning and I've got a few videos where I dive deeper into some of the strategies for using it. Right now even, you notice that it says Studio Videos, updated 2019, 10, 6, 11, 4. I even have our studio computer, which is actually right behind the camera there. Well, technically it's off to the side, but details. It, as the files are created when I create this video, we're using the OBS Stream Deck. I've got a whole detailed of how my studio works. As those videos get created, they also get synced to a folder on the free NAS where my videos reside. So they are getting copied off the local workstation immediately over to the free NAS. That way, when I go on my office and edit, all the files are there immediately. So it works for synchronizing those for my server backups. It is constantly as the servers create files, not the whole VM. They create an encrypted file on the server. Once the file server has got this file, it's encrypted, password protected. It then drops it over on the free NAS and the encryption key only lives on the server. So then SyncThing finds a new file and it synchronizes this encrypted file. Even, I use Unify a lot, so even the Unify, every hour creates these data files. So SyncThing takes care of that. And the data files are actually really small, despite how big our deployments are. It's not that much to sync, so keeping them synced hourly. And then, of course, replicated offsite. That way, if anything catastrophic happens to the building, all of this is replicated offsite. And then from offsite again, it's replicated to get out of my house. So it now lives in multiple locations in real time. Plus, if you were to delete all of them here, it would propagate to delete at the other locations. But there's a 30-day hold at all the locations where you can do revisioning, referred to as trash can revisioning. So anything gets into trash, it just holds onto that trash for 30 days. I usually notice if something's missing for 30 days. Even my business documents here, there's really not that many business documents it takes to run a company, some spreadsheets and things like that. As I edit my financials here on my laptop, they get synced. Other things that are synced, it says updated top five command history. And if you follow a tweet I did, I'll even show you what this is. Someone tweeted out a really simple script, and I was like, this is clever. So this is the top five command history. And I was sitting on my laptop, I seen it. I went and copied, pasted the script and ran it in here. I'm like, I like this. I might use this once while to see what my top five commands are, maybe top 10, maybe I'll tweak it later. But then it's just, I created it real quick while I was sitting on my laptop. And now it's at all the locations, and it's back at my desktop if I wanted to do something else on it. And this actually goes for all the bash scripts that get created in here. Anytime I have something quick that I need created, I'll create a script down there. And because I can set this up and you can set syncing up to sync specific folders, if I have just these bash scripts that I need because of another project I'm working on for another video, I just put the scripts I need in there. And then I can also just load syncing really quickly on that particular project VM. And all of my bash scripts are immediately synced to it, making it once again very simple. So syncing is really very much just file syncing. And because it's file syncing and I have easy to find static addresses, when you could build your server in the cloud and encrypt it, you could have a free NAS box that runs it at home or even a free NAS box at work. And some of it's the way I have it and just have those two talking to each other. You're only exposing one single port, the software auto updates. The software is really well documented. The encryption is standard TLS, so they're using normal. They didn't try to reinvent the wheel with encryption. They're using solid encryption libraries. And it's very, very lightweight. So it takes almost nothing to have it running on your system. And once you turn off things like local discovery, you've also removed some more options for people to find you, because it's not just broadcasting out there. But maybe you need those features. And even if you need them, other than them knowing as in them being people that can join your network or see your network traffic that you're using syncing, you're really not that insecure. So it's a solid product. I really like it. Maybe I'll do an updated video as I realized it was three years ago, since I did how to get started with syncing video. But they haven't really changed much over the years. The same methodologies work. The project has matured. It has gotten better, faster, more efficient. Matter of fact, that's one thing I probably should do an update video on. And when you look at the feature set now versus the feature set three years ago, definitely they've improved. The way they do file watching has become more accurate and faster. And by the way, this is completely across platforms. So even if I have a Windows project where I need to synchronize some of the files, I can spin up a Windows VM, load sync thing on there, and it will synchronize between the Windows computers. We've actually set this up for clients. We've set this up for people who want to have kind of a cloud agnostic, I should say. So they're like, I don't really want it in the cloud. I'm not sure I want to be dependent on someone else's protocols or their terms and conditions. And by the way, we've worked with a handful of companies that have engineering secrets. So they don't even like any type of remote access. They want their two facilities to synchronize specific documents like engineering things and so-to-speak secrets that they work on without having to have a third party that can see that data. There's ways to do that by encrypting it before you send it to Google Drive, before you send it to Dropbox or whichever company. But with sync thing, all my data is encrypted at rest on my laptop when I close the lid. And sync thing's just a transport layer between the two. So it's not involved in that. And no third party has to be involved at all. They do have some global discovery servers. If you need natural versus on things like that, it does support. So you don't have to open any ports. That is a feature that you can do with sync thing with your global discovery and relay servers that they offer for free. So you have options if you're out in the field. They even have a phone app, at least for the Android. So you don't have on anything to my knowledge for iPhone anymore. But it's a great project. Check it out. I'll leave links below where to get this. And thanks for watching. And thank you for making it to the end of the video. If you like this video, please give it a thumbs up. If you'd like to see more content from the channel, hit the Subscribe button and hit the bell icon if you'd like YouTube to notify you when new videos come out. If you'd like to hire us, head over to laurancesystems.com, fill out our contact page, and let us know what we can help you with and what projects you'd like us to work together on. If you want to carry on the discussion, head over to forums.laurancesystems.com where we can carry on the discussion about this video, other videos, or other tech topics in general. Even suggestions for new videos, they're accepted right there on our forums, which are free. Also, if you'd like to help the channel in other ways, head over to our affiliate page. We have a lot of great tech offers for you. And once again, thanks for watching and see you next time.