Probably the same reasons you may prefer Google Drive over Microsoft Office.
That said, I would definitely prefer pointing Glow to any standard git repo. This gives it all the security Charm is claiming to offer, versioning, etc, essentially for free. (Obviously that defeats the purpose of Glow being a marketing tool for Charm)
For what it's worth, you don't need to use the Charm Cloud features. If you run `glow` in a directory, it will recursively search subdirectories for markdown files and display them for viewing in the TUI. Stashing will encrypt them then push them to the Charm Cloud though.
This is by no means a feature request but it could be useful if Glow provided a way to configure alternative stashing methods (i.e. "stash via Charm or stash via some shell script you give me"). There would still be a lot of pull towards Charm but users who wanna do it themselves can also use the stash feature.
As one of the Charm co-founders, I think that's fair! That being said, others have asked us about this recently as well. I'll paste a reply I made the other day on Reddit:
Your concerns are well founded! I've certainly been burned by services disappearing...
It's a compromise to have a business model that allows us to develop Charm full-time vs. being completely open source. Our plan is to have a business model similar to GitHub: free and low cost services for individuals with enterprise hosting options (colo or hosted by us).
One thing that I think we should do is allow for a very easy export of all of your data. We can build that into glow and charm (vs. having to email us and ask for it or some other draconian option).
This is very much a 1.0 release of the Charm Cloud and one of the reasons we wanted to ship it early was to get feedback from the community and build out the features our users want. Your point is a great one that we should solve for ASAP. A glow export feature that spits out a .tar.gz of all your stashed markdowns seems like a great idea.
We're also open sourcing the libraries we use to build glow and charm, most of which don't require the Charm Cloud. We just made our TUI framework Bubble Tea open source for instance:
Please consider having an open source self-host option and a paid cloud service. Many people (and enterprises) doesn't want to spend time securing and maintaining servers. If your company disappears there is the self-host option as backup. This model seems to work well for Ghost and Gitlab.
FWIW, I get the impression that they want to charge money soon. Keybase never really wanted to bother with that and the implicit SLAs that come with it? Charging money is a great way to actually guarantee it will be around for a while longer than your typical ad or VC funded 'free' service.
I feel like the major problem with E2EE cloud services is getting apps to adopt it. For example, I like bear editor, but I don't like their encryption model. I like standard notes & inkdrop's E2EE encryption models, but I don't like them as editors that much since a bunch of their energy is probably being consumed by encryption stuff. It feels like the engineers who make good UIs have a hard time doing well on the security standpoint and the ones who bother to make things secure have a hard time dealing with making good UIs.
I want something that the bear's of the world will adopt and then they don't have to think about E2EE anymore.
Well-structured exports is certainly something that I think will make a lot of people more confident (and also a necessity if you intend to have first-class support for EU customers with any kind of individual identifiers, with GDPR and all).
I’d still put a dogfed (same as you run yourselves, possibly missing select enterprise-targeted features) FOSS self-hosted server version.
Look at Hashicorp for a great example of that this works in practice when you're targeting a techy audience!
I’m sure a lot of your potential customers are happy to pay exactly because they want someone else to take care of all the technicalities - and on the other end of the spectrum (and I’m sure you’ve thought of this already) you have the enterprises that for legal or compliance reasons simply have to own the whole stack - and there you’ll have free users providing back tutorials, documentation, bug report and the occasional PR that you’d otherwise have to do yourselves or neglect. Just food for thought :)
Thank you and sanbor for the detailed reply. I think it's really interesting. We can't promise anything now but it's definitely something we can look into. I self-host Sourcegraph and Gitea and enjoy the freedom (and can also see why someone would pay to not self-host).
Encrypting the data before uploading to Dropbox should make their security almost irrelevant? The issue I have with these anti-cloud sentiments is that they more or less give a moat to the established players like OneDrive or Google Drive or Dropbox. There has to be a better way to reduce the risk of alternative cloud services.
That’s very valid nuance. But I also think that alternative cloud services can be successful without having to keep their server-side implementation closed and protected.
I absolutely agree that there’s a need for the middle ground.
I’d also say that I think nobody really cares if GH is running vanilla git, or which SMTP and IMAP server Fastmail is using; perhaps the important thing is that there exists at least one maintained fully API compatible open alternative, not necessarily 100% identical to the software run by the hosted, or even primarily developed or maintained by them.
(And, well, the insight that can be derived from metadata is not to be dismissed, so I wouldn’t agree on “almost irrelevant”)
I'm sympathetic to the idea that a company is going to be better at doing backups and maintenance than I am, but for the first point: it sounds like they're using the local machine's SSH key to wrap a symmetric key. Unless you're sharing the same SSH key across all of your machines, this tool probably isn't very useful when switching between computers.
Edit: It looks like they generate their own SSH key instead of using an already present one. So you'd presumably need to copy that to each machine that you'd want to use so that it can unwrap the real (cloud-stored) decryption key.
We actually issue a new Charm specific SSH key for you. We then allow you to link machines together with our `charm` account utility. The symmetric keys used to encrypt data are encrypted for each public key linked to your account so you can access your data from multiple machines.
Major difference here is that GH (in terms of git repo hosting and interaction) have API-compatible free and open implementations - there’s no vendor lock-in (apart from the network effect if you count that, which I don’t)
FWIW I've used glow for a while as more or less a dumb, colorful markdown pager and had no idea this functionality was there, and I am very sure glow was not phoning home because of how I run little snitch.
I've done something similar but as a python flask app that uses a web browser as a reading/writing platform, that keeps it's (unencrypted) stash in a local directory (it's a 'localhost only' webservice).
It's functional but crude so nothing on github just yet ;)
Note that you can actually get colour and proper italics and boldface out of groff (specifically grotty). They are actually in there in the vanilla tool, but are disabled by overrides on several operating systems.