25 November, 2016

3 alternative reasons why you should test Nextcloud 11 Beta

On the Nextcloud blog I just published about the beta for Nextcloud 11. The release will deliver many improvements and is worth checking out in itself, plus I put a nice clickbait-style title and gave three reasons to test it.

But I actually have some more reasons to test. You see, Nextcloud is one of the tools we need to keep our democracy working. As Frank notes on his home page:
"Privacy is the foundation of democracy"
And he is completely right. So, here are three different reasons why you should test (and help improve) Nextcloud:

1. The USA is making a massive swing towards even more spying

Obama has done nothing to curb the growth of the NSA and the scope of its operations. Secret laws spiked under his watch. Many of the folks about to be put in power by President-elect Trump favor more spying, including on US citizens, expansion of the NSA, a crackdown on whistleblowers and more. Trump's pick for CIA director calls for Snowden's execution. For what I can only guess must be giving proof of illegal government spying to dangerous terrorists like the Washington Post and the Guardian, who proceeded to win a Pulitzer prize by disclosing this information irresponsibly to the US public.

In general, as somebody who changes his stance on hugely important and complicated issues like torture in under an hour, it is impossible to predict what Trump will do with the most powerful spying agency in the world under his control, but his appreciation for dictatorial figures like Kim Jong Il and Putin gives plenty cause for concern.

2. Britain isn't doing much better

I wrote about the Snoopers' charter just some days ago - this piece of legislation goes further than any earlier piece of spying law. It allows not only passive spying but also actively hacking devices from citizens.

3. Nor is Europe

The UK is not alone. Since Snowden, Europe has complained a bit about the NSA but seems to simply follow suit, rather than doing anything about it. Germany is even introducing a bill that will allow spying on foreign journalists.

Help out!

So, how can you help? Well, test Nextcloud 11 Beta, obviously. Help others to use it, get them involved. But it goes beyond Nextcloud - promote the use of and help improve tools like Tor, Signal and others, or democracy is screwed.

Edit: updated the blog 

22 November, 2016

Brittain’s Snoopers charter threatens your privacy

pic from the ZDNet article
The United Kingdom this week passed the so called Snoopers Charter, a law which forces UK internet providers to store the browsing history of UK citizens for a full year. You, your family, visitors or any devices in your household which have been hacked (the government is now allowed to do that, by the way) better not visit anything bad as the government can get their hands on this data quite easily. What does this mean and what can you do?

An attack on privacy

There is a global siege on privacy. Governments all over the world have introduced legislation (sometimes secret) which forces email, internet or data storage providers to track what you do and make that data available to their governments. This, of course, also means third parties who gain access to the storage systems can see and abuse it. And because so many of us have put so much of our data at just a few providers, we're at great risk as events like last week's shutdown of hundreds of Google accounts did show.

While Google, Dropbox and others lure customers in with 'free' data storage and great online services, governments benefit from centralized data storages as it makes it easy for them to hack in or demand data from these companies.

Why this surveillance?

While governments usually claim they need access to this data to find terrorists or child pornography, experts point out that it will not be helpful at all. As multiple experts (even internally) put it, growing the haystack makes it harder to find the needle. Intelligence agencies are swamped with data and nearly every terrorist attack in western states over the last decade took place despite the agencies having all information they would have needed to prevent it. The Paris attackers, for example, coordinated their attack using plain SMS messages. The Guardian thus rightly points out that:
"Paris is being used to justify agendas that had nothing to do with the attack"
which has become a familiar refrain after nearly every terrorist attack.

Indeed, we all know the argument But you have nothing to hide, do you? and indeed, we probably don't. But some people do, so they'll try to avoid being seen. That being illegal won't change their behavior...

And as Phill Zimmermann, the inventor of the PGP encryption pointed out:
"When privacy is outlawed, only outlaws will have privacy"

So not terrorists. Then what?

Experts agree that the vast majority of these surveillance and anti-privacy laws have little or no effect on real criminals. The crime syndicates, corrupt politicians and large corporations evading taxes and anti-trust/health/environmental laws, they DO have something to hide, and thus they would use encryption or avoid surveilled communication methods even if it were outlawed.

However, ordinary citizens, including grass-roots local activists, charitable organizations, journalists and others, who DO have nothing to hide, would be surveilled closely. And with that information, the real criminals mentioned earlier - crime syndicates, corporations or corrupt politicians - would have weapons in hand to keep these citizens from bothering them. Whistle blowers can be found out and killed (like in Mexico), journalists can be harassed and charged for trivial transgressions (like was recently done at the US pipeline protest) and charities can be extorted.

What can we do?

Luckily, there are initiatives like the Stanford Law Schools' Crypto Policy Project which aim to train, for example, journalists in the use of encryption. Tools and initiatives like Signal, PGP email encryption, Let's Encrypt and Nextcloud provide the ability for users to protect themselves and their loved ones from surveillance. More importantly, these at the same time making it harder and more costly to conduct mass surveillance.

There is nothing wrong with governments targeting criminals with surveillance but just vacuuming up all data of all citizens that might, some day, be used is a massive risk for our democracy. We all have a responsibility to decentralize and use tools to protect our privacy so those who need it (press, activists and others) have a place to hide.

29 September, 2016

Get started with Nextcloud App development in 6 easy steps!

The brand new app scaffolding tool in our app store
Last night, Bernhard Posselt finished the app scaffold tool in the app store, making it easy to get up and running with app development. I was asked on twitter to blog about setting up a development environment, so... here goes.

What's simpler than downloading a zip file, extracting it and running a command in the resulting folder to get an Nextcloud server up on localhost for hacking?

Yes, it can be that simple, though it might require a few minor tweaks and you have to make sure to have all Nextcloud dependencies installed.

Note that this is useful if you want to develop an Nextcloud app. If you want to develop on the Nextcloud core, a git checkout is the way to go and you'll need some extra steps to get the dependencies in place, get started here. Feedback on this process is highly appreciated, especially if it comes with a pull request for our documentation of course ;-)

Step 1 and Two: Dependencies

  • Install PHP and the modules mentioned here
    Your distro should make the installation easy. Try these:
    • openSUSE: zypper in php5 php5-ctype php5-curl php5-dom php5-fileinfo php5-gd php5-iconv php5-json php5-ldap php5-mbstring php5-openssl php5-pdo php5-pear php5-posix php5-sqlite php5-tokenizer php5-xmlreader php5-xmlwriter php5-zip php5-zlib
    • Debian: apt-get install php5 php5-json php5-gd php5-sqlite curl libcurl3 libcurl3-dev php5-curl php5-common php-xml-parser php5-ldap bzip2
  • Make Nextcloud session management work under your own user account.
    Either change the path of php session files or chmod 777 the folder they are in, usually something like /var/lib/php (debian/SUSE) or /var/lib/php/session (Red Hat).

The Final Four Steps


Nextcloud should present you with its installation steps! Give your username and password and you're up and running with SQLite.

Start with the app

Now you create a subfolder in the nextcloud/apps with the name of your app and put in a skeleton. You can generate an app skeleton really easy: use the scaffolding tool, part of our new app store for Nextcloud 11!

It's probably wise to now get going with the app development tutorial here. This isn't updated for the scaffolding tool yet, so you'll have a head start here. Be sure to check out the changelog, we try to make sure the latest changes are noted there so even if we didn't manage to fully update the tutorial, you can find out what will and won't work in the changelog. Also, be sure to update the links to get the latest dev doc - this all links to 11, once that is out it is probably better to directly target 12 and so on.

Help and feedback

Your input is very much welcome! If you run through these steps and get stuck somewhere, let me know and I'll update the documentation. Or, of course better still, do a pull request on the documentation right in github. You don't even have to do a full checkout, smaller fixes can easily be done in the web interface on github.

Last but not least, ask questions on our forums in the app dev channel or on IRC. Here is the Nextloud development IRC chat channel on freenode.net, also accessible via webchat.

Thanks, good luck, and have fun building Nextcloud apps!

05 September, 2016

Akonadi/KMail issues on Tumbleweed?

So if you, like me, have experienced how smoothly Akonadi deals with crashes and think it is still annoying, there's a solution. The problem is caused by Xapian which creates some nice backtraces but until it is fixed you are stuck with a crash every ~minute.

The solution is in this email from Christian Boltz:

I created a repo with the previous version of libxapian, and akonadi-* and baloo linkpac'd from Factory (so rebuilt against the old libxapian): https://build.opensuse.org/project/show/home:cboltz:branches:openSUSE:Factory

Packages at http://download.opensuse.org/repositories/home:/cboltz:/branches:/openSUSE:/Factory/standard/

Since I installed these packages (using zypper dup --from), I didn't see any akonadi crashes.

If someone wants to use the fixed packages _now_: I'll keep the repo as long as it's useful for me ;-) -> this is clearly caused by the libxapian update (libxapian22 -> libxapian30)


In other words, you fix it this way:

zypper ar http://download.opensuse.org/repositories/home:/cboltz:/branches:/openSUSE:/Factory/standard akonadi-fix
zypper ref
zypper lr
Now find the number of the new repository (akonadi-fix) and:
zypper dup --from 4
(where 4 is the number of the repo in my case).

Then OK the result and done, the mail client which, despite all its issues, continues to be the only one I can stand working with is smooth sailing again ;-)

Oh, to fix the mess Xapian made of the database, you probably should stop akonadi and remove the search DB, it will get re-indexed:
akonadictl stop
rm -rf ~/.local/share/akonadi/search_db
rm ~/.config/.baloorc
akonadictl start


Greetings from #Akademy2016 by the way!

02 September, 2016

Kickstarting conversations with lightning talks.

A lot of people are coming to the Nextcloud conference to discuss ideas they have with others and I've been telling them to submit a lightning talk. As that is the idea of the lightning track on Saturday and Sunday: present yourself and the project you (want to) work on, inspire, share ideas. That way, others can then find you and talk to you afterward!

Last year I wrote a longer article about that on opensource.com, but this is the gist of it: it is a conversation kickstarter! Our event is very hands-on (bring your laptop, we say!) and the program is mostly there to facilitate the natural flow of ideas and code.

So we have three kinds of sessions:

  • Keynote = inspiration. Everyone joints to listen to a fascinating story! Our keynote speakers are Karen and Jane.
  • Lightning talks = sharing. Everyone in one room listens to what others are thinking about, working on or inspired by. Then, after, you look each other up and start talking and doing! Think 'unconference'.
  • Workshops = learning and collaborating. They're coding, interactive, either teaching/learning or more "let's work on X for an hour together".

The event starts in two weeks at the TU Berlin: September 16-23 so it is time to book your trip. If you care about open source, privacy-protecting cloud services it is a great place to find like-minded folks!


What's coming?


Besides the keynotes by Karen Sandler (Managing DIrector at SFC) and Jane Silber (CEO of Canonical) We have some 30 sessions already submitted, just a selection:


More still coming, I know Cornelius Schumacher wanted to talk about the importance of privacy-protecting cloud services (if his family can miss him for the weekend...) and I still have some other talks to approve in the queue.
The gist of it is that we'll have a lot of technical people, the folks who wrote Nextcloud as well as many others who contributed and have been using it, from home users to enterprise and educational or government agencies - all together to discuss and work on where our technology is going.

Oh, and we have a surprise on Friday afternoon. ;-)

Check it out and see you there!

25 August, 2016

Latest attacks on privacy...

With the EU (in this case France and Germany) gearing up for another attack on privacy I'm quite happy and proud to have been part of the release of Nextcloud 10!

Privacy

It is the usual story: we should disallow companies from using perfect end to end encryption and force them to insert backdoors against terrorists.

Not that it would help - that's been discussed extensively already but in short:
  • If you have nothing to hide, you'll use a backdoored app and you're vulnerable to foreign (and your own) governments, terrorists (!), criminals and others who can abuse your data in more ways than you can imagine.
  • If you have something to hide, you can use 1000 different tools to do so and there is nothing government can do about that so you won't use a backdoored app.
  • And note that government has failed to even use fully unencrypted information to stop terrorist attacks so perhaps we should first see if they can actually get their act together there.
Now yes, backdooring all commonly used encryption apps will help a BIT, essentially only with the low level, common crime. So you might catch the dude who broke into your house and bragged about it to his friends over Whatsapp. You won't catch the terrorists plotting with Al Qaida (or whatever the terrorist organization du-jour) to blow up a train because they can simply get one of the many solutions out there to protect themselves.

Nor will you catch corrupt politicians or big companies doing nasty stuff, though I am quite certain the laws will be written in such a way that you can use them to go after people who actually try to expose such politicians or companies.

And I'm also quite certain companies will use this as an excuse to not implement proper protection in their products so you can continue to stop pacemakers remotely or disable the brakes in cars over the internet.

Generally, laws targeting encryption and terrorism do more to harm whistleblowing than terrorism and are thus promoting corruption and bad, unsecure products.

These laws will literally cost lives. Not save any.

And it is exactly why Frank started ownCloud and why we continue to develop that vision at Nextcloud. And keep developing new features, like the File Access Control app which can provide an extra protective layer around your data. I for one certainly can use that app and exactly in the way described in that blog! So much for 'enterprise only features'.


Get it and migrate today. You and your data deserve it!

17 August, 2016

FrOSCon and the future of private clouds

This Saturday I'll talk at FrOSConabout the future of private clouds and how Nextcloud is pushing that.

Frank won't make it, sadly, as he's in Denmark speaking at another event. Or somewhere else, his travel is a bit crazy lately ;-)

Future of private clouds

Frank blogged last week about a vision for Nextcloud and we've been thinking and discussing this at our hackweek with about 30 community members as well. It was quite amazing to bring so many people together and discuss these things!

Afterwards we've brought most of the topics to our forums or github, including our ambitious Nextcloud 11 roadmap. I'll certainly talk about some of those things this weekend at FrOSCon:
  • Communication integration
  • New app store
  • New updater
  • Federation
And more. Today or tomorrow we'll release a RC of Nextcloud 10 and I'll discuss what we've done there as well, what is new and improved, small and big.

If you like to get involved in the 'future', join us at our conference!