24 October, 2014

ownCloud stuck in upgrade?



That's what I saw today after trying to update Notes:


Not cool, that didn't seem to work too well. This can happen with third-party apps. But what to do? Just like with upgrades, you can call in the help of the occ command line tool which comes with ownCloud. Ideally, run it as user of your apache, something like this:
sudo -u wwwrun ./occ
It will give you an overview of what occ can do for you, looking something like this:
ownCloud version 7.0.2

Usage:
[options] command [arguments]

Options:
--help -h Display this help message.
--quiet -q Do not output any message.
--verbose -v|vv|vvv Increase the verbosity of messages: 1 for normal output, 2 for more verbose output and 3 for debug
--version -V Display this application version.
--ansi Force ANSI output.
--no-ansi Disable ANSI output.
--no-interaction -n Do not ask any interactive question.


And a lot more.
From there, you can start an upgrade with:
sudo -u wwwrun ./occ upgrade
which is nice when the ownCloud upgrade process doesn't work. This can happen because php has a time-out set and if the amount of work takes longer than that timeout - it won't finish. Which can happen for example on very big installations, or on very light hardware (raspberry pi!).
But that wasn't my problem - things just got stuck in maintenance mode. And that is one of the options in the list: turn maintenance mode on and off! So I just proceeded (on advice of Arthur here in the office) to turn that off:
sudo -u wwwrun ./occ maintenance:mode --off
Lo and behold, it solved the problem for me.
If it doesn't, there is the maintenance:repair option which might fix the problem for you!

Tip: log rotation

In other news, I discovered that my owncloud.log file (to be found in your data folder) was 5.9 gigabytes big. Yeah, 6318901632 bytes. ownCloud can keep that file in check, but you have to enable that by adding the following to your config.php:
'log_rotate_size' => '100 MiB'
Of course, other values work, too. You can find this and more in config.sample.php, be sure to go over that file to see what you can and perhaps should configure. I personally would welcome any effort to give that file a user interface, or make it easier to reach - even with a text editor built into the admin UI... Although perhaps a more subtle approach of picking what should be visible or not would be better. In any case - anybody up for that?

16 October, 2014

Release party time!


KDE Plasma 5.1

Plasma 5.1 was released yesterday and it is looking real good. I have been running the 'next generation' Linux desktop on my laptop, courtesy of openSUSE packages made out of regular git snapshots. It was surprisingly stable so I have little worries about the stability of the final 5.1 release and I recommend to check it out ;-)

Of course, we should have a Plasma release party! We haven't had release parties in our place for a while (can't believe that the last one is over 2 years ago...), so it's time to do that again.

Check the release party page for details. The short of it:
  • October 18, 19:00-22:00 or so
  • EldenaerStrasse 28a, Berlin, Germany
  • Bring Your Own Devices Drinks (there's a Sp├Ątie (24h convenience store) downstairs). Food is welcome, too.
  • Don't forget to bring your good mood and friends

Further notes:
  • I might do some demoing of what is new in Plasma 5.1, depending on interest.
  • Anybody is welcome, as always, irrespective of color, sex, occupation, shape - heck, even species - you're all super welcome! That means you have to play nice with each other, do I have to say that?
  • If you're afraid of dogs, Popcorn will teach you that you don't have to be. But really, if she freaks you out, we can put her in another room, don't say home out of fear for the hairy monster!
  • Let me know if you're coming - so we have some idea of how crowded our apartment will be!

openSUSE

For the geekos among you: 13.2 is coming SOON and boy, is it chock-full of awesomeness! I'm talking to the Berlin LUG, we will probably do a release party. If possible we'll do it on November 8, so keep that date free for now!

01 October, 2014

Security doesn't discriminate

Yesterday I published a long blog about privacy and why it matters. Unfortunately, as Commit Strip eloquently paints below, privacy almost always gives away to the same old arguments...
That was all too typical in Holder's call to tech companies to leave device back doors open to police. What Holder doesn't seem to get (or care about!) is that a back door doesn't discriminate who gets through. If you leave your door unlocked so the police can get in, do I really have to tell you it also means thieves can come in?

It is no different in 'cyberspace'. There ARE differences between real life and online life - but in this is not one of them. Security Ninja Bruce Schneier pointed out the effect of this reality:
"We are all vulnerable to everyone because the NSA wanted us to be vulnerable to them."
In his blog from 2 weeks ago, he continued:
"We have one infrastructure. We can't choose a world where the US gets to spy and the Chinese don't. We get to choose a world where everyone can spy, or a world where no one can spy. We can be secure from everyone, or vulnerable to anyone. And I'm tired of us choosing surveillance over security."

Me too, Bruce. Me too. And it's even more irritating that the people who are supposed to protect us keep lying about it all.

Later addition

October 3 Vox put the issue in a historical perspective. More details are in this New York Times article from 1994.

I spend some time collecting and commenting on the most interesting quotes:
"Wiretapping is among law enforcement's most cherished weapons. Only 919 Federal, state and local taps were authorized last year, but police agencies consider them essential to fighting crime."
We know things have changed, and not just in the US. In 2011, the Berliner police collected data from 4.2 MILLION mobile phones just to catch ONE group of car thieves... Shows how government surveillance has begun to spin out of control, if you ask me.

"Still, the effect of strong crypto on N.S.A. operations is not difficult to imagine. The agency is charged with signals intelligence, and it is widely assumed that it monitors all the communications between borders and probably much of the traffic within foreign countries. (It is barred from intercepting domestic communications.)"
Thanks to Snowden, we know that they're now heavily intercepting domestic communications. Some things have changed (guardian article on effects of the Snowden leaks) but we have a long way to go. If you want to know more about Snowden - this article on Wired is among the very best.

The article talks about introducing a security chip (Clipper) with a back door for Law enforcement, but correctly asks:
"What sort of nuclear terrorist would choose Clipper?"
Indeed:
"Some people criticize Clipper on the basis that truly sophisticated criminals would never use it, preferring other easily obtained systems that use high-grade cryptography."

"The Government understands the impossibility of eradicating strong crypto. Its objective is instead to prevent unbreakable encryption from becoming rountine. If that happens, even the stupidest criminal would be liberated from the threat of surveillance. But by making Clipper the standard, the Government is betting that only a tiny percentage of users would use other encryption or try to defeat the Clipper."
In other words, this would do the same thing as famously copyright protection on music CD's did: legitmate use (like copying the songs from the album you own to your iPod) was made impossible, but slightly more sophisticated, often professional music sharers had no issues with the 'protection'.

"This seems to be the Government's intent -- to encourage "crypto lite," strong enough to protect communications from casual intruders but not from Government itself."
Making us thus all vulnerable to hackers, foreign governments etc etc. Nothing new under the sun!

A quote from the documentation of PGP gives this same response:
"If privacy is outlawed, only outlaws will have privacy. Intelligence agencies have access to good cryptographic technology. So do the big arms and drug traffickers. So do defense contractors, oil companies, and other corporate giants. But ordinary people and grassroots political organizations mostly have not had access to affordable 'military grade' public-key cryptographic technology."
Amen.

The Vox article also points out the Washington Post had to correct a op-ed by former FBI official Ronald Hosko who gave a specific example where encryption would have thwarted a law enforcement investigation and cost lives - but turned out to be wrong. Honestly, if the one example the FBI has turns out to be wrong, how much is there to say for their argument? I don't think encryption will do as much harm as they like to claim.

XKCD already comically explained this: the government has many means of getting information from its citizens, and encryption doesn't change that much.



EDIT october 6: I can keep updating this post forever, but I won't - only one more link: Bruce Schneier weighted in, calling it Return of the Crypto Wars - referring to the fight around the Clipper chip I described above.

30 September, 2014

Saving Face and the threats to privacy in our society

I'm not talking about the 2012 documentary, nor an actual face. I want to discuss the expression, as defined by wikitionary:
"To take an action or make a gesture intended to preserve one's reputation or honour"
I argue that this expression is under-used in this day and age of privacy violations.
Awesomeness from Saturday Morning Breakfast Cereal!

Privacy is not

Tech folk like me were surprised at the publicity around the leak of celebrity nudes a few weeks ago. With the continuous string of NSA scandals over the last years, we didn't expect anybody to still think their data was safe online. Apparently, we still have to make the argument for privacy...

For many people, privacy and the arguments against NSA style "collect it all" spying seem moot: "I have nothing to hide".

Now this argument has been solidly debunked in various articles, breaking down to these main reasons:
  • You don't know what you have to hide
  • You should have something to hide
  • Privacy is a basic human need
On the first two, security researcher Moxie Marlinspike wrote for Wired Magazine.

You don't know what you have to hide

In the US, the federal government can't even count the number of laws one can break, and Moxie argues:
If the federal government had access to every email you’ve ever written and every phone call you’ve ever made, it’s almost certain that they could find something you’ve done which violates a provision in the 27,000 pages of federal statues or 10,000 administrative regulations. You probably do have something to hide, you just don’t know it yet.

A society with perfect surveillance means anybody could be locked up at any time as everybody does things wrong all the time. Law enforcement becomes arbitrary (and consequently a great means for controlling people who do things the government doesn't like). Just one recent example: in Washington, being smelly is a crime.

Moxie does not even discuss changes in policy and politics. What is legal today can haunt you tomorrow! This is not a hypothetical situation: in World War II tens of thousands lost their lives because the Dutch government kept extensive records on every citizen.

You should have something to hide

The second point is that if laws were never broken, they would never be changed and progress of society would come to a stand-still. In a world of perfect law enforcement, slavery would still be with us, sodomy laws would be in effect and women wouldn't be allowed to run businesses or perhaps even drive cars. Probably nice for bureaucratic governments (things are simpler that way) but I don't think it is wise to limit the world our kids live in based on what we can deal with and understand today...

Despite their very real impact, these arguments, to many of us, seem mostly relevant around an oppressive regime. We're happy that the protests in Hong Kong are aided by techology but it doesn't make us use them.

Privacy is a basic human need

Then there is the argument that people need privacy. Not because they do illegal things, but just because. The often-heard explanation: when you go to the toilet, you close the door. Not because you do something illegal there, but just because you'd prefer doing it alone!

This might not feel like a strong argument, perhaps that is why Moxie doesn't mention it. But it goes far deeper than the other reasons for privacy, to something very central to us, human animals. Everybody feels a need to present themselves well to others! We use make-up, proper clothes, perfume and deodorant. We act and speak careful, ever mindful of the impression we leave on people. And privacy is central to control over how others see you.
Marying as WoW character

Saving face

Words like reputation and honour in the definition of "saving face" by wikitionary make it sound like a big, special thing, but it is true for everybody, every day: we all go through extraordinary length to control how others see us. It is why we carefully choose the clothes we wear and the car we drive. We even wear different faces around different people. Loving husband or wife, funny friend, hard working employee, trusted confidant, sensitive and dedicated son, powerful wizard.

We are careful to keep these separate. If one of your parents would suffer from cancer, you would share the pain with close friends, but not the poker friends at the bar. You'd share that you had to deal with a burn-out a few years ago with your husband, but not your colleagues. If you lose your job you keep up appearances to some friends, but share your feelings with others. You would tell at work about your kid puking over you at breakfast but not about your wife who suffers from depression.

The carefully build impressions others have of us are maintained at almost all costs, and we don't even realize it. It is more obvious in some situations, of course - when something bad happens to you but you don't want some group of people to know; or, typically, when dating or soliciting for a job, when you put up your best, cleanest face and present yourself as perfect as you can. Or when you get very upset when certain information (private pictures, habits or hobbies) become public. But you always care about your appearance.

Losing control?

Modern social media are putting a bit of a wrench in this form of social engineering we all engage in. A date or potential employer can look us up on the internet, finding out things we'd rather not share. And if the data isn't available openly, they can probably just pay for it. Awareness of this is still rather low but, like the Silicon Valley folks keep their kids from using computers and even send them to analog schools, many tech people I know are far more careful with their online profile than the average consumer, who happily takes the free data storage for uploading their lives to servers in the cloud.

There is a time factor at work here. This technology arrived when my generation was (mostly) old and wise enough not to put too much embarrassing stuff online. But just think of everything you did before you turned 18 - I don't know about you, dear reader, but I sure don't want that online. Yet this is exactly what the current and future generations face! Why else are tools which promise to delete your data after a short time, like Snapchat and friends, so popular - and why else do people get so upset when the promises about deleting data are broken?

Because they are being broken, and will continue to be, either by the companies themselves (your data is worth more than you think!) and by governments, hackers and so on.

I think it is important to realize how a lack of privacy impact us, as humans. In the end, it might be the most important argument: in this digital age, we lose the abilities to control how we present ourselves to others. Time to take back our data and decentralize.

EDIT: some news that came out one day after my blog post prompted some further thoughts.

14 August, 2014

How else to help out

Yesterday I blogged about how to help testing. Today, let me share how you can facilitate development in other ways. First of all - you can enable testers!

Help testers

As I mentioned, openSUSE moved to a rolling release of Factory to facilitate testing. KDE software has development snapshots for a few distributions. ownCloud is actually looking for some help with packaging - if you're interested, ping dragotin or danimo on the owncloud-client-dev IRC channel on freenode (web interface for IRC here). Thanks to everybody helping developers with this!

KDE developers hacking in the mountains of Switzerland

Coding

Of course, there is code. Almost all projects I know have developer documentation. ownCloud has the developer manual and the KDE community is writing nothing less than a book about writing software for KDE!

Of course - if you want to get into coding ownCloud, you can join us at the ownCloud Contributor Conference in in two weeks in Berlin and KDE has Akademy coming just two weeks later!

And more

Not everybody has the skills to integrate zsync in ownCloud to make it only upload changes to files or to juggle complicated API's in search for better performance in Plasma but there is plenty more you can do. Here is a KDE call for promo help as well as KDE's generic get involved page. ownCloud also features a list of what you can do to help and so does openSUSE.

Or donate...

If you don't have the time to help, there is still something: donate to support development. KDE has a page asking for donations and spends the donations mostly on organizing developer events. For example, right now, planet KDE is full of posts about Randa. Your donation makes a difference!

You can support ownCloud feature development on bountysource, where you can even put money on a specific feature you want. This provides no guarantees - a feature can easily cost tens to hundreds of hours to implement, so multiple people will have to support a feature. But your support can help a developer spend time on this feature instead of working for a client and still be able to put food on the table at home.

So, there are plenty of ways in which you can help to get the features and improvements you want. Open Source software might be available for free, but its development still costs resources - and without your help, it won't happen.

13 August, 2014

Why developers should not be testing

Short answer: because you should.

When somebody asks about their missing pet feature in KDE or ownCloud software, I always trow in a request for help in the answer. Software development is hard work and these features don't appear out of nowhere. There are only so many hours in a day to work on the a million things we all agree are important. There are many ways to help out and speed things up a little. In this blog I'd like to highlight testing because I see developers spend a lot of time testing their own software - and that is not as good as it sounds.

Developers also do testing!

You see, developers really want their software to be good. So when a Alpha or Release Candidate does not receive much testing from users, the developers take it on themselves to test it.

Developers testing software has two downsides:
  • Developers tend to test the things they wrote the software to do. It might sound obvious, but usually the things that break are things the developer didn't think off: "you have 51,000 songs? Oh, I never tested the music app with more than 4,000" is what I heard just yesterday.
  • And of course, it should be obvious: early and lots of testing speeds up development so you get those features you want!
Take two lessons from this:
  • If you want things to work for you, YOU have to test it.
  • If you want those other features, too, helping out is the name of the game.

It isn't hard

In the past I wrote an extensive article on how to test for KDE and ownCloud, too, has real nice testing documentation.

If you want to get on it now, Klaas Freitag just released ownCloud client 1.7 alpha 1 and openSUSE has moved factory to a rolling release process to make it easy to help test. KDE Applications 4.14 is at the third beta and the Release Candidate is around the corner.

Your testing doesn't just save time: it is inspiring and fun. For everybody involved. For added kicks, consider joining us at the ownCloud Contributor Conference in in two weeks in Berlin and KDE has Akademy coming just two weeks later!

Help make sure we can get our features done in time - help test and contribute your creativity and thoughts!


note: I'm not argueing here against testing by developers, rather that users should help out more! Of course, developers should make sure their code works and unit tests and automated testing are great tools for that. But I believe nothing can replace proper end-user testing in real-life environments and that can only really be properly done by end users.

05 August, 2014

ownCloud numbers

Last week, we went over some numbers related to ownCloud. Things like the number of people who contributed in the last 12 months or the speed of code flowing in on average. The numbers are impressive and you can read about them in this press release.

Analysis

Numbers can tell you a lot. One thing is of course particularly cool: the numbers are big. Really big. ownCloud has had almost 300 people contribute code to it in the last 12 months. That is a lot. Some perspective: wordpress has had 52 contributors over its lifetime! Drupal: 149. phpbb: 190. Mediawiki: 534. Joomla: 483. VLC media player: 662. ownCloud has had 566 contributors over its lifetime. This is just one metric out of many, and the comparisons are between often wildly different projects so take it with some salt.

One thing I think you can safely conclude: ownCloud is certainly in the big leagues. Looking at our competition, the ownCloud Client team alone (59 contributors over its life time) is bigger than any other open source file sync and share technology.

Why numbers

We primarily want to keep an eye on numbers to see if we are doing well or not. Anecdotal evidence is important (I really like to read all the positive feedback on the #ownCloud7 release) but hard numbers are very important too. For example, if we see fewer new people join ownCloud, we can see if we can improve developer documentation or have to offer better help for new developers on IRC.

We have good reasons to keep an eye on that. Open Source projects typically have a huge turnover (60%/year is normal), requiring us to keep attracting new contributors. Not only that, ownCloud Inc. has hired many community members and, through its marketing and sales machine, is increasing the number of ownCloud users enormously. We do numbers on our user base internally, and the number we make public (about 1.7 million at the moment) is a rather conservative estimate. And growing quickly: Germany's upcoming largest-ever cloud deployment will bring ownCloud to half a million users!

What effect does that have? For one, paid developers can create a 'freight train' effect, accelerating development to a point where it is hard for volunteers to catch up. This is a reason why it is good to split up the apps from the core and to improve the API offered by ownCloud. This makes it easier to keep changes more localized and easier to follow. Another effect is that the growing popularity of ownCloud brings more people to our mailing lists and forums, asking questions. That is a tough issue. Improvements in documentation can help here, but we can also think about other tools and ways to answer questions.

Conclusions

We can't stare ourselves blind on numbers, and we won't. Real life matters more: that is why we are working hard on preparing the ownCloud Contributor Conference later this month! But it is cool to see confirmed what we already thought: ownCloud is a very significant Free Software community. Not just its size, but also in what we are doing and how we do it!

There still is plenty of work to be done so come help out and liberate more data!