> There's something abrasive about implying that customers paying and using capabilities of their highest tier as non-genuine.
I disagree. Their website makes it abundantly clear that this product is for employee productivity. The people doing this are well aware that what they're doing is hacky and costing Dropbox lots of money.
They didn't. They called it "Dropbox Advanced for businesses" and whenever they mention storage it's always in the context of it being for team collaboration or documents.
"As much space as you need. Get as much space as your team needs for storage and collaboration."
Unlimited within reason. That kind of technical nitpicking the same tactic crytobros use when they power their rigs with residential power included in their leases.
Dropbox probably tunes their systems to loads and access patterns seen in normal documents-based business usage. Not for backing CDN services and such.
yeah, I really wish the FTC would really come down on companies using 'unlimited', but companies coming out and saying "customers using the service as advertised are abusing it" are ridiculous. I do appreciate that they're at least going to a hard limit instead of a "at our discretion" limit that a lot of phone carriers used for a long time.
What's the best way to store around 300TiB data cost-effectively? Assuming would have access from time to time to around 25% of that data (monthly) through 1Gbps connection.
On-prem seems to be the best, but carrying around 30 disks is no small feat.
Edit:
The data will not be mutated after write. Might append new data occasionally after the first dump.
The main questions would be durability and availability. Maybe only because I am scarred by experience but "on-prem" seems to me quite obviously the worst possible way to do it.
Why not both? Store it locally for ease of access, maybe with a solid state cache, backup in the cloud for durability. Storage is cheap nowadays. The more interesting question is availability - at the current HDD sizes, "classic" RAID is not sufficient.
The same number of disks as you were using when the disks were smaller.
I'm comparing like-for-like except disk size.
> One of the more common scenarios with consumer grade hardware is a degraded array getting completely lost while being rebuilt.
Which is why I mentioned regular testing. If your disks are on the verge of death it doesn't matter how much parity you have or how big they are, a rebuild has too much chance of failure. You need to make sure they can handle a moderately heavy load.
But if you're putting them under that load regularly, a rebuild is very unlikely to be the last straw for multiple drives.
As far as I know, even with the recent increase, Backblaze B2 is still the most cost efficient option at $6/TB/mo... but I'll be watching replies closely.
Is there some 3rd party client for their backup service for linux? I was just looking at them for offsite but I have mac and linux boxes to back up, not mac and windows.
how often is the data being appended or modified? You might consider a blended solution with the most cost effective on prem-disks w/ no durability or backup, then writing any additions to cold storage which is cheap. The only time you need to access that is (hopefully rare) restore scenarios.
This blog post continues the habit of "Good News Now, Bad News Later" by titling the blog post:
"Updates to our storage policy on Dropbox Advanced"
At this point I just assume that "updates" are always a price increase. For those in the future wondering, this was originally posted with an editorialized headline of "Dropbox Axes Unlimited Cloud Storage for Businesses". While it's generally HN policy to change editorialized headlines back to their defaults, I would argue that HN should not be complicit in businesses' attempts to cowardly soften the blow. HN should keep the editorialized headline.
Aside from that annoyance, I'm not surprised in the slightest that this was done. Crypto was designed as a vehicle to push the base assumptions of Austrian Economics - i.e. extreme individual liberty in exchange for no free lunches - and thus the one thing it's good at is eating your free lunches as quickly as possible. If you give things away, people will construct a way to get paid for burning what you've given away. The Internet is uniquely hospitable to this kind of misbehavior, so everything has to have a cost, no charity, no welfare, etc.
Creators who are working with 4K and 8K assets probably need a lot of storage. What do they typically use?
Dropbox prices are pretty good. I was looking at even AWS s3 _glacier_ and it seems way more expensive.
Does this mean that if everyone used their entire capacity it's like a bank run and Dropbox goes out of business? Or is storage actually cheap and AWS makes big margins on it?
> Dropbox prices are pretty good. I was looking at even AWS s3 _glacier_ and it seems way more expensive.
That's because glacier stores exactly what you tell it to store. Dropbox is taking advantage of a lot of compression techniques to keep their storage volume down. For example, if two users upload the exact same file twice, they can just store it only once (they can also do this for chunks for files that are identical).
> Does this mean that if everyone used their entire capacity it's like a bank run and Dropbox goes out of business? Or is storage actually cheap and AWS makes big margins on it?
I don't know about a bank run, but Dropbox would most likely go out of business eventually if everyone used their full capacity and they didn't adjust their pricing structure. There's most likely some customers they take losses on to keep their pricing structure simple.
I don't know Dropbox's Enterprise storage pricing, but I know Backblaze charges $5/TB for simple cloud storage. That means, ignoring drive failures and redundancy, it takes less than 3 months to RoI on hard drive purchases. With the high level of redundancy these services tend to have, it's probably closer to 1-2 years.
On the flip side, AWS S3's standard storage tier is a whopping $23/TB. They're making absolute bank on that. Not to mention their stupidly high egress fees (Which are even higher when using Glacier!) if you ever actually use it.
> Dropbox prices are pretty good. I was looking at even AWS s3 _glacier_ and it seems way more expensive.
I'm not sure what you mean?
Unless you're grandfathered in, the new limit is 5TB for $24 and glacier would be $5 plus bandwidth fees.
And as just one example for competitors, Hetzner offers 5TB of nextcloud for €17 and 5TB of storage for €13.
If you're talking about the 35TB limit, yeah that's a great deal and nobody can have it any more. The larger users were subsidized by the smaller users, which is a delicate balance.
> enough space to store about 100 million documents, 4 million photos or 7500 hours of HD video
This is my favorite type of corporate weasel-wording. 35TB would actually only be enough for 260 hours of HD video from my camera (300 megabits per second ≈ 0.135 terabytes per hour).
Pretty much! I wrote exactly the same in a previous thread, in nowadays standards, 5 TiB is barely enough for a home storage let alone business or even enterprise!
Very few people were actually using the unlimited plan (1% only had more than 35TB, and a lot more than that) and those that actually used the unlimited part were mostly abusers. Running file hosting is not an easy business
> can't really sell something unlimited and then call who's taking benefit of that "abusers"
Colloquial versus contract. It's sold as unlimited, because for most people, it is. Similar to how salt and pepper at restaurants is practically unlimited, even if you can't demand they hand you all the salt in their kitchen.
In practice, marketing as unlimited to suss out the use distribution before capping it where it becomes uneconomic seems to be a valid strategy. (The fraction of users curtailed plays into perceptions of fairness.) With that framing, this story has no bad guy.
> Can't say I've ever seen a restaurant advertise "unlimited salt"
Neither do they advertise their lack of food poisoning. It's baked into the concept of a restaurant. Unlimited != infinite; it's a fuzzy boundary, and that is okay.
> Entering a restaurant that has salt on the table is nothing like me entering into a written agreement for unlimited salt from a salt distributor
What in Dropbox's terms of service do you think they're violating with this move?
Buying unlimited storage for common use fits into the paradigm of the not needing to be stated understanding on what unlimited means to a reasonable person. If you want to get more precise, the terms and conditions specify that Dropbox may, at its discretion, take various actions.
If I buy "unlimited salt" from a salt provider then I expect actually unlimited salt.
If I buy a meal from a restaurant and that restaurant provides complimentary salt on the table I do not expect unlimited salt.
Selling something as unlimited at a fixed price is clearly stupid unless there is a limit on the speed of the consumption (like the salt provider saying that you can have unlimited salt at a maximum rate of 1kg per hour or so). For something like dropbox it is even more stupid since every unit of product sold will increase their running costs.
Simpsons did this in a very early episode, where Homer got kicked out after eating too much.
Really though, I find that buffets are all-you-can-eat with the asterisk that you can't stay more than a certain time (usually 90-120 minutes?) and that you can't take any home.
> Simpsons did this in a very early episode, where Homer got kicked out after eating too much
I don't remember who did it but I recall a skit that went the other way. Someone went to an all you can eat restaurant and to their dismay discovered it meant all you can eat. The restaurant would not let you leave until you could no longer physically eat any more.
Not sure which example you're referring to, but all the "all you can eat" restaurants I've been to always respected their promise, as in, you literally can eat as much as you can.
I was never charged more because they decided I was full. Certain restaurants have a "no food waste" policy that will make you pay the stuff that you don't eat.
You definitely can if they're blatantly not using the product as designed. If I offer "unlimited pdf storage" and then people start encoding petabytes of videos as PDFs, that's abusing the system. Dropbox for business is for business documents, not for crypto miners
"Unlimited" anything is frequently taken as a challenge. If you were to create an anonymously writable S3 bucket and go on Reddit or something and say "hey everybody, store as much of whatever as you like," it'd take about 5 minutes for you to get a billion dollar bill and an arrest warrant. When GMail announced its gigabyte email thing, it took like two weeks for somebody to create gmailfs. And then you have the bad actors that say "unlimited" but declare fairly reasonable actors as cheaters, like Comcast.
This constant push for a return on investment and the mindset that we must grow forever has the vast majority of internet users churning between centralised services that promised an unsustainable level of service at an equally unsustainable price point.
It's a shame to watch the slow death of yet another service that was making people's lives easier. Can't really say I'm surprised, though. I have to imagine that it's incredibly, incredibly difficult to resist the urge to sell. The key differentiator seems to be whether you get to walk away with your reputation intact among the sort of people who take a hardline stance on this.
Thing is, most of those people probably wouldn't gamble a life-changing sum of money for yourself and the people they love on principles - and ironically, we can't really judge them for it with the world we live in and its incentives.
VC-funded blitzscaling is just the latest meta, and it's no fun for anyone. So much useful potential squandered while everyone has to watch the centralised, closed source, S/PAAS tools they rely on becoming more encumbered, limiting and expensive.
As Tom Toro so famously put it, "Yes, the planet got destroyed. But for a beautiful moment in time we created a lot of value for shareholders." If people will make that choice when it comes to the land we live on and the air we breathe, you can see why they'd find it a lot easier to do exactly the same thing for some code tearing its way through a lump of silicon.
Shouganai. Someone will just make another Dropbox. The cycle continues.
> But over time, we found a growing number of customers were buying Advanced subscriptions not to run a business or organization, but instead for purposes like crypto and Chia mining, unrelated individuals pooling storage for personal use cases, or even instances of reselling storage.
I don't get it. Those customers are using the subscription precisely to run a _Business_.
It's inevitable, isn't it? Especially with computers, if you advertise something as "unlimited" people will consume unlimited amounts of it, then you find that has real costs.
I'm surprised to hear that Chia is still going, though. That was one of the worst excesses of the crypto boom, driving up prices of storage for real users.
"But your honor, it's obvious that we can't actually provide what we said we'd provide, so they should have assumed we would do less than that."
No. It's not on the customer to decide what a reasonable interpretation of the company's offering is. It's up to the business to inform the customer clearly.
> not on the customer to decide what a reasonable interpretation of the company's offering is. It's up to the business to inform the customer clearly.
Clarity is in the eye of the beholder. This is why we have reasonableness standards: it's impractical to specify ex ante every term of a trade to infinite precision. Most people understand the intent of the term "unlimited" here, and given the fraction of accounts affected, this seems fine. (Also, until this announcement, it was unlimited. They're just discontinuing that. Unlimited doesn't mean unlimited forever.)
Nobody is suggesting that words be outside their definition. It's that the definitions are not super super narrow. And the other issue is that one person's interpretation of a word's most narrow definition is not going to be objectively right.
I get it, but these companies could save themselves this kind of headache by just being more accurate about what they're selling.
Like if I bought "unlimited" streaming vs. "Streaming limited to one screen at a time for one user" I'd be much happier about finding out that I can't watch one show in the bedroom and a different one in the living room than I would with my "unlimited" service.
I don't disagree at all. I'm just saying that the legal system actually is equipped to deal with this kind of vagueness, which is generally a good thing.
I don't think that I'd parse "unlimited" and "infinite" in the same way.
Some things are naturally limited by rate delivery, and advertising "unlimited" seems fine. e.g. I don't see a problem with advertising a phone plan as having "unlimited" minutes, rather than specifying a limit of 10,080 minutes per week. The number of minutes are not infinite, but neither are they limited by the carrier.
> I don't see a problem with advertising a phone plan as having "unlimited" minutes, rather than specifying a limit of 10,080 minutes per week
If you buy thousands of these phones, hook them up to a modem, and use them to send and receive information over the carrier's airwaves 24/7, you will overwhelm your tower.
Yes, and? Everything that is supplied by physical processes has some physical limit. It's fine to use "unlimited" to refer to things that are subject to physical constraints, it's not the same thing as "infinite".
If you take unlimited in its most literal meaning then no, you can't provide unlimited anything. However, I think there's a difference between saying you provide unlimited storage, and a SaaS tier supporting 'unlimited' users.
Yea it's true that if someone tried to truly exercise the latter, for example by allocating several trillions of bot accounts, then for sure you're going to get a call from the provider politely instructing you to desist. And I think that would be reasonable of them, and the marketing should not be considered deceptive.
The question is, does the same logic apply to TBs of storage? Is there anything that distinguishes these two use cases?
I guess the marketing offer of 'unlimited' could perhaps be read as 'all that 99.9% of customers ever need, but if you're one of the remaining 0.1%, you have to pay extra'.
That is to say, perhaps 'unlimited' could be read as a class of user that encompasses the vast majority of cases, as opposed to a literal resource quota. Is this reasonable or deceptive?
> perhaps 'unlimited' could be read as a class of user that encompasses the vast majority of cases, as opposed to a literal resource quota. Is this reasonable or deceptive?
Depends on the facts and circumstances. When cellular providers throttled unlimited plans, I felt like it was deceptive. In this case, I do not. I am curious if those cut off genuinely feel they were deceived.
Yes it should, so many places use it when they actually just mean "until our costs start getting overboard since we didn't account for more than 0.0000002% of people to use above X limits", or with so much fine print that they should be forced to make that fine print regular print.
It's a nasty tactic, and gives people the wrong expectations and in turn ruins markets to all start using such terms to offer "competitive" unlimited tiers.
Business like to advertise things as "unlimited" when there are some natural limits. There are "all you can eat" restaurants, but nobody can eat 100 kg of food. My internet provider and my mobile provider give me unlimited traffic, but it's limited by the effective speed (and the mobile traffic speed is clamped after several gigabytes per month).
But when a natural limitation is lifted, the businesses have to reconsider their "unlimited" policies.
They could have said "Our profitability is dependent on being able to oversell our installed capacity. We used 'unlimited' as a linguistic shortcut for 'unlimited with a list of caveats,' but we got more sign-ups when we called it 'unlimited.'"
Alas, the alternative appears to be to shut down their 'unlimited plan', and blame crypto. Sorry for those customers who bought into their failed product offering.
They don't have to allow multiple clients on the same license to all have fast upload speeds at the same time.
If you mean per license, that scales with the amount of money and a reasonable limit on 3 licenses doesn't have to allow all that many terabytes all that fast.
Yes, but then you are implementing somewhat arbitrary restrictions on everybody, in order to work around an abusive subset of users. All else equal, you want to be able to advertise uploads that are as fast as possible (eg. to entice valuable customers to migrate from your competitor to you).
But I do think that targeted throttling is a good way to deal with this problem. As I said elsewhere, detecting abuse is heuristic and false positives are horrible when the enforcement is to shut down accounts, but a false positive resulting in throttling is not so bad.
Yes, but does the difference matter? Either 750GB per day or 2.25TB per day would provide a good amount of time to find rule breakers before the costs approach $72. And the limit doesn't have to be exactly the same.
To repeat something I said to start this thread (edit: just realized I actually said this in a different thread nearby[0] - my responses here probably only make sense in the context of my responses in that thread, sorry about that), which I think seems to keep getting lost: It is not impossible to enforce this, it is (like any arms race) a costly ongoing burden that is much more difficult to implement than the "you can easily enforce this" responses in this thread.
This is no different than any other "I could implement this in a weekend" thread that you see here. I'm not saying "Dropbox is incapable of implementing enforcement for this ToS violation", I'm saying that I'm confident they've already spent many millions of dollars on it, and have decided (wisely, in my view) that changing the product to more fundamentally preclude this kind of usage is the better trade-off to take.
So, having said that, to answer your question: at 750GB per day, uploading 1PB in a week only requires parallelism of 200. That is not many users for an "enterprise" account. (And I suspect this becomes costly well below 1PB per week.)
You'll be able to think of "well you can just ..." for that as well, and I promise you that there are "the abusers can work around that by doing ..." for those things. Because, like I keep saying, it's just a normal arms race pattern. It's not that there is nothing you can do about any particular thing that people do, it's that you have to keep doing it ad nauseam.
By the way, this change to the product is also just one more parry in this arms race. It is unlikely to fully solve the problem (and I'm confident they know that), just another useful tool.
> which I think seems to keep getting lost: It is not impossible to enforce this, it is (like any arms race) a costly ongoing burden that is much more difficult to implement than the "you can easily enforce this" responses in this thread.
Right, but my idea is that the cost is less than the payment they receive.
> So, having said that, to answer your question: at 750GB per day, uploading 1PB in a week only requires parallelism of 200. That is not many users for an "enterprise" account. (And I suspect this becomes costly well below 1PB per week.)
I think you missed part of my argument, which is that if you want parallelism 200 then you need 200 licenses, which means dropbox gets $4800. That's much more than enough to pay for the 120 terabyte-months such a user would consume in that week.
There is the worry about how high of a spike it would be versus their buffer of free space, but someone signing up for 200 licenses at once at maximum upload rate and thinking they'll avoid scrutiny is... pretty unlikely. Also if we assume they'd run it similarly to how they used to do it, they'd have to be manually approving increases on that giant pile of data, so that brings even more scrutiny.
Also I think their limit for quite a while was 100TB per week for the entire organization. No need to worry about petabyte spikes then.
> Because, like I keep saying, it's just a normal arms race pattern. It's not that there is nothing you can do about any particular thing that people do, it's that you have to keep doing it ad nauseam.
Which is not a problem if you're getting enough money for the trouble.
I have some experience with this. It is, in fact, very hard to do this. It is possible, but certainly not easy.
There are a few challenges that make this harder than you might think:
- It's a never-ending arms race against adversaries working actively to evade detection.
- It is necessary to find detection approaches that abide by security and privacy requirements.
- Detection of this kind of behavior is inevitably heuristic and false positives are incredibly bad.
To put a finer point on that last one: The flip side of "it's easy to detect and shut down abusive accounts" is every article or tweet or blog post like "look at all these normal people who had their accounts permanently disabled without explanation or recourse".
1. It is already in violation of the Acceptable Use ToS which implies they already have solutions in place to detect this behavior. https://www.dropbox.com/acceptable_use
2. It is easy to detect large amounts of disk usage with a high number of read/writes across wide swaths of the storage.
> It is already in violation of the Acceptable Use ToS which implies they already have solutions in place to detect this behavior.
Putting it in the ToS is how they reserve the right to put in place solutions. But writing text in a ToS to ban some behavior does not magically create a working enforcement solution.
I'm quite certain they have spent the last few years: 1. Putting that in the ToS in order to give themselves permission to do the enforcement, 2. Working really hard fighting an enforcement arms race with people not complying with the ToS, 3. Losing the battle and painstakingly deciding to throw in the towel.
> It is easy to detect large amounts of disk usage with a high number of read/writes across wide swaths of the storage.
Again, these are active adversaries. Their first attempt probably fit that pattern in a way that was discernible to the dropbox client or server code, but it is unlikely that their current usage looks like that.
Again, false positives are extremely painful when doing account shutdowns for abuse. Other usage that is not crypto mining are free to exhibit "large amounts of disk usage with a high number of read/writes across wide swaths of the storage".
And again, I'm not saying this is impossible, just that it is actually a very difficult problem. And I am saying that I don't think it is at all worth the effort, and is much better to do what this announcement is doing, and not attempt to provide "unlimited storage" as a product at all.
> But writing text in a ToS to ban some behavior does not magically create a working enforcement solution.
Of course it doesn't... but if you're running a storage business open to the public, you're going to implement this regardless.
> Again, false positives are extremely painful when doing account shutdowns for abuse.
These are not personal customer accounts, these are business accounts.
> Other usage that is not crypto mining are free to exhibit "large amounts of disk usage with a high number of read/writes across wide swaths of the storage".
They specifically named Chia mining... so they obviously knew what was happening.
Are you seriously telling me that a company in the business of providing storage can't efficiently detect Chia mining? That's not a great look for Dropbox.
> if you're running a storage business open to the public, you're going to implement this regardless.
Implement what? This specific mitigation for cryptocurrency mining? If so, then no, you weren't going to fight that particular arms race "regardless", and you don't have to at all if you instead implement sensible storage limits, because the whole enterprise becomes unattractive to those miners within those limits.
> These are not personal customer accounts, these are business accounts.
Yes and that makes it even worse. Do you think businesses care about this less than consumers?
> Are you seriously telling me that a company in the business of providing storage can't efficiently detect Chia mining? That's not a great look for Dropbox.
Yes, I'm seriously telling you that it is difficult and expensive for any service to win an arms race like this against an entire internet's worth of potential adversaries. It isn't a bad look for Dropbox at all, it just is how it is; sometimes products become too costly to sell for one reason or another, and this is the case for "unlimited storage" now.
It's a bogeyman. Blaming child porn would've created legal problems for Dropbox, so they went with the unpopular thing of the day, cryptocurrencies. They would've picked AI training data tomorrow.
The only question I have is whether they rummaged through private customer data or just made things up.
They likely already have that clause, but have been unable to enforce it successfully. I would also pull the rip-cord in their shoes. Truly unlimited storage products are a very bad idea.
Protip: For a Linux user, you can already build such a system yourself quite trivially by getting an FTP account, mounting it locally with curlftpfs, and then using SVN or CVS on the mounted filesystem. From Windows or Mac, this FTP account could be accessed through built-in software.
This is amazingly ironic to post given that the original launch post of DropBox on HN famously dismissed the business entirely by comparing it to rsync+ssh.
That comment has been unfairly misread over the years. He wasn't being dismissive, he was trying to help them with their YC application (that's what "app" meant on HN in 2007).
Here is how BrandonM responded after Drew replied: https://news.ycombinator.com/item?id=9479. If that's a prototypical HN dismissal, we're in the sixth sphere of Paradiso.
My favorite part of that is that the author shows up as green since at the time they were a new user, despite the fact that their account is now long-established. Most CRUD apps today would get a detail like that wrong.
You're probably right; I just remember him coming across as upset when I mentioned it a while back. Like I said, I could easily have been the target of all that ribbing myself, and I don't know that I would be any happier about it.
I enjoyed learning more about it though in the threads you linked above. I'm really happy both about this meme and the cogent defense of the original comment. It might be tilting at windmills but its not without value.
Would a business using a self-owned rsync+ssh solution now be shopping for yet another cloud service after yet another backtrack on promises several years in?
There's something abrasive about implying that customers paying and using capabilities of their highest tier as non-genuine.
Conversely, Dropbox never sold this plan as being available forever, and the transition plan seems reasonable overall I suppose.