, , , , , , , ,

I’ve recently got round to trying Opera Unite, which is now included in the latest Opera browsers. It’s a pretty clever bit of software that turns the browser into a portable server. Anyone can host their own stuff and share files online, but the really smart thing is that it can be run from anywhere when it’s installed on a USB drive or portable device.
The services that can be hosted from Unite include:

– Web server
– Messaging server
– File server
– Hosted media player
– Online photo album

Setting up Unite took about five minutes, and it ran very well first time. All users have to do is open the Unite panel in the browser, sign into a MyOpera account and select which services and directories to make public, and decide whether to use a session password to restrict access to trusted users. Each service has its own admin page for managing it. Unless you’re an experienced server admin, I recommend restricting access to all of them for the time being.
The hosted services and directories can then be accessed by anyone visiting the user’s Unite link, which is permanent, and directss others to a page indicating whether services are available or offline.

Running a server introduces a massive number of security issues and it’s always the responsibility of server admins to deal with these.
My main worry about running the Unite server is the possibility of directory climbing attacks, and I wondered how easy it is to access the parent directory on a non-UNIX system where the file permissions haven’t been defined. Opera’s own documentation addresses this concern, claiming the filesystems aren’t accessed directly. Instead, Unite creates a virtual filesystem image, along with mount points for accessing the actual one. Files can only be accessed if they’re included in the VFS. The main thing to be aware of is the image also includes the original file permissions, so everyone has read-write access unless this is checked.

Security should never be entirely dependent on passwords. Unfortunately, this seems to be the case with Unite, and the session passwords generated by Unite are extremely weak. They’re also included in the URLs that point to particular files. This shouldn’t be a problem if links are shared privately with trusted people, unless someone’s going to bother bruteforcing the session passwords.

The Opera Platform
One of the main reasons Opera’s my favourite browser is that Opera is basically a platform for quite a large developer community, and its services are basically demonstrations of the many possibilities for it. What I have noticed is that a lot of development has made Opera an ideal browser for mobile devices, as the UI and gesture feature is one of the best available for small touchscreens and it’s been ported to Linux which is increasingly becoming the OS for smartphones, PDAs, netbooks, etc. In mobile devices with limited memory, the email and chat clients can already be replaced by the ones included in recent versions of Opera.

I believe Unite will prove to be the most useful where there is a group that wants to set up a temporary cloud service from their netbooks or laptops. Unite would also be an excellent addition to wide area communication networks that include many distributed mobile devices.