Hi, Aspect is a very promising app, and I’m considering using it as my main photo management solution. However, I noticed there’s a lack of detailed information about the P2P feature, which I may rely on heavily. I have a few questions:
What is the capacity of the P2P feature? Like, what is the throughput, and is the synchronization done in parallel?
What network conditions are required for it to work across devices on different networks?
What protocol or specification does it use? Is it an existing one like Syncthing or BitTorrent Sync, or is it custom? If it’s custom, can you provide the specifications to evaluate its security?
Hi, there are still a lot of extensions planned for the P2P synchronization, so I’ll try to summarize the current and planned state a bit.
When a library is synchronized between a number of devices, any device can synchronize with any of the other devices, as long as they are paired. Each device pulls updates from the other devices in sequence, independent of the other devices. These updates include library catalog revisions and updated/missing metadata/thumbnails for the individual files.
Independent of this, there is another sequential background process that fetches locally missing files from other devices. I’ve just performed a little benchmark test and got transfer rates of roughly 450 Mbit/s over a 1GbE connection, CPU limited partially by the TLS encryption. So it looks like it makes sense to look into introducing some amount of concurrency here to improve that and I’ll look into this (#1526).
Currently the system is meant to be used in a single-user-multiple-device scenario, but we eventually plan to extend this to a multi-user system where you can share parts of a library and specify per-user permissions. At that point we should probably also look into adding some kind of coordination to download from multiple peers at once.
Right now, the officially supported mode of operation is within the same network only. There is a possibility to specify a machine by IP or DNS name to enable discovery across network boundaries, but the two networks currently have to be open for TCP connections in both directions.
We plan to make this more flexible in the future, as a first step to allow passing through a single NAT or firewall, and eventually to also allow passing through two opposing NATs using STUN and QUIC.
It uses an HTTPS-based REST protocol using certificate-based authentication on both sides to ensure secure end-to-end encryption. The initial certificate exchange between two Aspect instances is done by entering a verification code to guard against man-in-the-middle situations. We plan to eventually open-source this part (as well as the server version in general) and this is mainly a matter of making a few internal base libraries fit for open source first (more documentation, splitting up into multiple libraries).
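An added illustration of the pairing idea described in the reply above (not Aspect's code, and not part of the original posts): a short verification code is derived from both certificates, checked once at pairing, and the peer certificate is pinned for later connections. The derivation, the `PinStore` helper and the sample certificates are assumptions, since the actual protocol is not published.

```python
import hashlib
import hmac

def fingerprint(cert_der: bytes) -> bytes:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(cert_der).digest()

def verification_code(cert_a: bytes, cert_b: bytes, digits: int = 8) -> str:
    """Short code bound to both certificates; argument order does not matter."""
    first, second = sorted((fingerprint(cert_a), fingerprint(cert_b)))
    digest = hashlib.sha256(b"pairing-code-v1" + first + second).digest()
    return f"{int.from_bytes(digest[:8], 'big') % 10 ** digits:0{digits}d}"

class PinStore:
    """Certificate fingerprints accepted during pairing (hypothetical helper)."""

    def __init__(self):
        self._pins = {}

    def pair(self, peer_id, own_cert, presented_cert, code_entered):
        # Recompute the code over the certificate actually received. A
        # substituted certificate yields a different code than the one the
        # user reads off the other device, so pairing is refused.
        expected = verification_code(own_cert, presented_cert)
        if not hmac.compare_digest(expected.encode(), code_entered.encode()):
            return False
        self._pins[peer_id] = fingerprint(presented_cert)
        return True

    def is_trusted(self, peer_id, presented_cert):
        # Later connections: accept only the exact certificate that was paired.
        pinned = self._pins.get(peer_id)
        return pinned is not None and hmac.compare_digest(
            pinned, fingerprint(presented_cert))

# Constructed byte strings standing in for DER-encoded certificates.
LAPTOP_CERT = b"constructed-laptop-certificate"
PHONE_CERT = b"constructed-phone-certificate"
OTHER_CERT = b"constructed-unpaired-certificate"

if __name__ == "__main__":
    code_on_phone = verification_code(PHONE_CERT, LAPTOP_CERT)
    store = PinStore()
    print("paired:", store.pair("phone", LAPTOP_CERT, PHONE_CERT, code_on_phone))
    print("phone trusted:", store.is_trusted("phone", PHONE_CERT))
    print("other trusted:", store.is_trusted("phone", OTHER_CERT))
```

A code derived by plain hashing is only as strong as its length; pairing protocols that rely on short codes usually add a commitment exchange or a PAKE on top.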
Thank you for the detailed explanation. I now have a clearer understanding of this feature. I’m glad to see that the encryption component is planned to be open-sourced, as this will definitely help gain more trust from potential users. I’ve recommended Aspect to my audience, and some of them have hesitated because it’s not open-sourced.
Looking forward to seeing the final release of Aspect!