tag:blogger.com,1999:blog-123668652024-03-14T07:58:04.302+01:00all mine!Personal thoughts on Linux desktop, distro & #Cloud communities, open source, privacy & freedom, life and whatever else comes upJos Poortvliethttp://www.blogger.com/profile/05243886270488333877noreply@blogger.comBlogger437125tag:blogger.com,1999:blog-12366865.post-71415347349434679942020-09-23T15:56:00.002+02:002020-09-23T15:56:34.219+02:00Triggered <p>Somebody pointed me to <a href="https://dl.acm.org/doi/10.1145/3407023.3407057" target="_blank">a research article</a> about how many app developers fail to comply with the GDPR and data requests in general.</p><p>The sender suggested that I could use it in marketing for Nextcloud.</p><p>I appreciate such help, obviously, and often such articles are interesting. This one - I read it for a while but honestly, while I think it is good this is researched and attention is paid for it, I neither find the results very surprising NOR that horrible.</p><p>What, a privacy advocate NOT deeply upset at bad privacy practices?</p><p>Sir, yes, sir. You see, while the letter of the law is important, I think that intentions also are extremely important. Let me explain.</p><h3 style="text-align: left;">Not all GDPR violations are made equal</h3><p>If you or your small business develops an app or runs a website to sell a product and you simply and honestly try to do a decent job while being a decent person, the GDPR is a big burden. Yes, the GDPR is good, giving people important rights. But if you run a mailing list on your local pottery sales website, with no intention other than to inform your prospective customers and followers of what you're up to, it can be a burden to have people send you GDPR takedown and 'delete me' requests instead of just having them, you know - unsubscribe via the link under your newsletter!</p><p>The goal of the GDPR, and of my personal privacy concerns, isn't at all related to such a business. If anything, their additional hardship (and we at Nextcloud have this issue too) is at best a by product of the goal. That byproduct isn't all bad - we all make mistakes, and being more aware of privacy is good, even for small businesses. The GDPR has forced many small businesses to re-think how they deal with private data, and that isn't a bad thing at all. But it isn't the main benefit or goal of the GDPR in my eyes. There are big businesses who totally COULD do better but never bothered, and now the GDPR forces them to get their act together. While that's a real good thing, even THAT is not, in my opinion, what the GDPR is about.</p><h3 style="text-align: left;">Privacy violation as a business</h3><p>You see, there are businesses who don't violate privacy of people by accident. Or even because it is convenient. There are businesses who do it as their core business model. You know who I'm talking about - Facebook, Google. To a lesser but still serious degree - Microsoft and yes, even Apple, though you can argue they are perhaps in the "side hustle" rather than "it's their primary revenue stream" category.<br /></p><p>For these organizations, gathering your private data is their life blood. They exploit it in many ways - some sell it, which is in my opinion definitely among the most egregious 'options'. Others, like Google and Facebook, hoard but also aggressively <b>protect</b> your data - they don't want to leak it too much, they want to monetize it themselves! Of course, in the process of that, they often leak it anyway - think <a href="https://en.wikipedia.org/wiki/Cambridge_Analytica" target="_blank">Cambridge Analytica</a> - that was in no way an incident, hundreds of apps get your private data via Google, Facebook, Microsoft and others. But by and large, they want to keep that data to themselves so they can use it to offer services - targeted ads. Which in turn, of course, get abused sometimes too.</p><p>My issue with this business model, even without the outright sale of data, is two-fold.</p><h4 style="text-align: left;">Ads work better than you think</h4><p>First, in principle - while people might feel ads don't effect them, there is a reason companies pay for them. They DO effect your behavior. Maybe not as much or in the way marketing departments think or hope, but the effect exists.</p><p>How bad is that? Depends, I guess. To some degree, it is of course entirely legitimate that companies have a way to present their product to people. But modern targeting does more, including allowing companies to charge specific people different prices, and of course a wide arrange of sometimes nasty psychological tricks is used. The example Facebook once gave to potential advertisers, of targeting an <a href="https://www.wired.com/2017/05/welcome-next-phase-facebook-backlash/">insecure youth "at their most vulnerable"</a> with an ad is... rather disgusting.</p><p>This gets worse when we're not just talking about product ads but political ads, either from political countries or, of course, from foreign non-democratic adversaries trying to influence our freedoms in a rather direct and dangerous way. And again - this is more effective than most people realize or are willing to admit and has swayed elections already, making is all less free.</p><h4 style="text-align: left;">Centralization is bad</h4><p>Second, there is simply a HUGE issue with all-our-eggs in one basket. Especial when that basket is in a foreign country and not protected by privacy and security laws compatible with those in your own country. Having a single point of failure, how well protected - is just not smart. Things WILL fail, always. Better have slightly more breaches that each are just a single provider, than one breach of all private data of everyone in a country...</p><p>And that's not even talking about the fact that this data helps these companies get incredibly huge and then allows them to suppress or kill competition (or just buy it) - think Amazon, Microsoft. These tech molochs are just plain bad because of many reasons. They are anti-competitive, which raises prices, decreases choice, and the much lower innovation-per-dollar they produce is of course a worse deal for society too. They are too easy to control by law enforcement and censorship, impacting our freedoms - even when they're not 'foreign' to you. Yes, it is harder to censor 50000 private servers than one Google server farm!</p><h3 style="text-align: left;">Triggered</h3><p> So, as you notice, this question triggered me. Not all privacy violations are equal. Intentions matter. As does market power. And the GDPR is not a golden bullet. It has downsides - compliance is often easier for big companies than small ones, a serious issue.</p><p>Luckily, our judicial system tends to look at the intentions behind law, and I would expect a judge to fine an organization heavier for truly bad business models than for honest mistakes. I hope I'm not too optimistic here.</p><p>From my side, I don't want to bang on people's head for mistakes. I want to attack and challenge bad business models and bad intentions. A local, small app maker who fails to respond quickly enough to GDPR requests - not my target. Facebook - yes.</p><p>And by the way. Maybe it doesn't need to be said to most of you, dear readers, but of course - our open source world is, I still believe, a huge part of solving this problem. KDE, openSUSE and other Linuxes and desktops - and of course Nextcloud, Mastodon, Matrix and other decentralized and distributed and self-hosted platforms. We have ways to go, but we're making progress!</p><p><br /></p><p>As I concluded to the person who triggered me - I know, this is far too long a reply to what they said</p><p><br /></p><p>But it triggered me ;-)</p><p><br /></p><p>Best reply over twitter, (twitter.com/jospoortvliet) or so, this awful Google platform makes commenting nearly impossible. And I know, the irony, replying on twitter, and I still have not moved away from blogger.com... Some day, some day. When I find time.</p>Jos Poortvliethttp://www.blogger.com/profile/05243886270488333877noreply@blogger.com0tag:blogger.com,1999:blog-12366865.post-87951247009436341642020-06-08T11:11:00.024+02:002020-12-08T07:17:54.207+01:00Collabora vs ONLYOFFICE<div dir="ltr" style="text-align: left;" trbidi="on"><p>Since the Nextcloud Hub release switched from ONLYOFFICE to Collabora Online as default, lots of people have asked why. Is one better than the other? Let's talk about this.</p>
<h2>History</h2>
<p>Let me first say - the decision wasn't pure technical. As always, relations and other reasons play a role. I'll try to cover both aspects, but there is always more. With that out of the way, let's first look at how ONLYOFFICE got into Nextcloud.</p>
<p>
Frank, myself and others in the Nextcloud community have wanted to integrate office in our collaboration platform for most of the past decade. Previously, we* had invested quite a bit in getting a collaborative document editor into our private cloud. The Documents app was a from-the-ground-up developed ODF editor with a unique and very clever design, built by KO GmbH (now sadly defunct). We together put resources in integration and further development and we hoped other (open source) businesses would invest and contribute too, so the solution would grow in time. Also, we had hoped some customers would be willing to pay for it. Both of these did not really come true, and KO sadly didn't survive.</p>
<p>
* Note that I use 'we' here loosely as I wasn't really involved back then, so think 'the core team', as a slowly-changing team of people, including Frank, Jan, Arthur and others.</p>
<p>
Fast forward to our launch on June 2 2016 (happy birthday!), and a few months later we <a href="https://nextcloud.com/blog/nextcloud-and-collabora-bring-online-office-to-everybody/">announced Collabora Online integration.</a> We had worked with Collabora to make this available not just to enterprise customers, as before, but to all users thanks to the 'CODE' docker image. As you know, we care deeply about community/private home users and this was of course a great step forward.</p>
<p>
But running docker, setting up a reverse proxy on a second domain with proper certificates - it isn't easy and does not work for everyone. So we had to keep maintaining the Documents app a little, as some users still could only use that.</p>
<h2>ONLYOFFICE vs Collabora</h2>
<p>Meanwhile, a new open source online office solution came around, ONLYOFFICE. Let's talk for a sec how they compare Collabora, as the two could not be more technically and non-technically different!</p>
<h3>Technical: how they work</h3>
<p><strong>The way Collabora Online works is:</strong><br />
An embedded version of Libreoffice runs on the server. It reads the document, then 'streams' the rendered document as image tiles to the browser client, which shows it to the user. The browser client does some of the menu's and lots of smart things like showing the cursor, other users, text selection etc, but many other components like pop-up menu's and sidebars are also streamed from the back-end, giving relatively good feature parity with LibreOffice. This strategy is responsible for giving LibreOffice, for example, desktop-level table style editing, better than any other online office solution.</p>
<p><strong>The way ONLYOFFICE works is:</strong><br />
The document is converted on the server to a JSON file which is streamed to the browser client. The browser client is the full office suite, editing the document. Once done, it sends back the JSON and the server merges and exports it back to a file. A fully html5 canvas based front-end means a relatively pretty user interface and any javascript dev can go hacking.</p>
<p><strong>So what does this mean?</strong><br />
</p><ul><li>LibreOffice is much heavier on the server and network connection, but uses a bit less client resources which tends to help mobile devices with battery life during editing</li>
<li>You get the full Libreoffice file type support. Decades worth of obscure file formats, it is all there.</li>
<li>ONLYOFFICE has a more modern UI, writing it all in Javascript so it is far easier to be mobile-friendly. You can imagine how useless those old LibreOffice paragraph settings dialogs are on a mobile phone screen!</li>
<li>In theory ONLYOFFICE would be much easier to integrate in web apps in general. Most app frameworks can consume a javascript or json component, a simply streamed, tiled image is far less flexible...</li>
</ul><br />
<h3>Compatibility</h3>
<p>On document support, three things.</p>
<p>
First, with regard to the Microsoft file compatibility - this is ALWAYS hit and miss. I can't objectively claim either is better or worse, you will always find a file that works well in one but not the other. But you will also find lots of MS Office files that won't work in Office 365, or break the desktop version between Mac and Windows or even just from older versions, because Microsoft screwed up their own compatibility.</p>
<p>
Second, one thing I can say: if you migrate from Collabora Online to ONLYOFFICE and most of your files are ODF files because that's what Collabora uses by default, you're in for a bad experience. The ODF support in ONLYOFFICE is quite basic. But with MS Office files they feel on-par to me and that's what probably matters for most people. (sadly, yes)</p>
<p>
Third, if you need any other file types - Collabora can handle a LOT, due to its long legacy. Word Perfect anyone?</p>
<p>For other technical capabilities - I probably be best off simply pointing to the comparisons both made themselves:</p>
<ul>
<li><a href="https://www.collaboraoffice.com/comparing-collabora-with-onlyoffice/">From Collabora</a></li>
<li><a href="https://www.onlyoffice.com/en/best-collabora-alternative.aspx">From ONLYOFFICE</a></li>
</ul>
<h3>Social/historical differences</h3>
<p>Let's talk about the second big difference between Collabora and ONLYOFFICE: their roots. Collabora builds on and is part of the LibreOffice community, a decades-old project, and consists of long time open source believers. Development is open and accessible and there are lots of individuals and companies that work on and can provide services for its code base. ONLYOFFICE on the other hand, is quite new to open source and only a bit over a dozen people have contributed to the code base. Their open core model if of course less than favorite in the open source world, though it is still miles better than proprietary - some people seem to lose sight of that sometimes, if you ask me. For an end user, the development model makes little difference, in either case.</p>
<p>let me emphasize two things.<br />
First, it is awesome that we have TWO open source office suits. Building one is an amazing accomplishment - we have had others in the past but most are no longer really viable due to the massive amount of resources required to keep up.<br />
Second, I think it is great that ONLYOFFICE decided to open source their product. I believe most people really under estimate what it takes to turn around your business model so radically. And if you're unhappy with decisions made, in either case - contribute, get involved. That is how you change things in open source.</p>
<h2>Getting Office in Nextcloud</h2>
<p>So, as I said in the History section, by 2017 we had three office solutions integrated in Nextcloud. One was easy to install but unmaintained and quickly deteriorating. The other two were harder to install but much more complete.</p>
<p>You know we're ambitious people, so indeed we have thought about and discussed this situation forever. And at some point, <a href="https://github.com/icewind1991/">Robin</a> started to really investigate what would be possible. After looking deeply at both, he finally managed to create a proof of concept with ONLYOFFICE. What he did was:</p>
<p>
1. Separate the 'converter' part from ONLYOFFICE, the javascript front-end and the 'rest'<br />
2. Made a separate binary of the converter, package the javascript and <b>rewrite</b> all the glue that lets them interact in PHP<br />
3. Make this thing install-able as one big blob, acting as alternative 'server' with a proxy component that ties it all together</p>
<p>This was a LOT of work, but after polishing it, we had something we could show to the ONLYOFFICE people. They were initially not huge fans of what we did - no surprise, as it was an ugly solution. We discussed this for a fair bit and in the end, we agreed on an approach.</p>
<p>The result was what we made available last January with the first release of Nextcloud hub. We saw it as a first step towards deeper integration. Watch the video below to get an idea of what it looked like!</p>
<stream controls="" poster="https://nextcloud.com/media/documents-video.png" src="6644f6c1e7c0a5e3ff5b877e07ed1dea"></stream> <script data-cfasync="false" defer="" src="https://embed.videodelivery.net/embed/r4xu.fla9.latest.js?video=6644f6c1e7c0a5e3ff5b877e07ed1dea" type="text/javascript"></script>šŗ <small><a href="https://www.youtube.com/watch?v=nxX_Z6BKySw">view video on YouTube</a></small>
<h2>And then...</h2>
<p>After release, two things happened.<br />
First, ONLYOFFICE has sadly been unable to focus much on the integration with Nextcloud. There was a long wish list we had - there is a lot you can do to make the experience nicer, from removing/disabling/hiding duplicated features like the build in chat and file handling to making file collaboration work in other apps like Talk, or adding certain features that connect even deeper like @mentioning users for example. Unfortunately, this didn't happen. No blame, there is a lot happening in the world right now!<br />
Second, Collabora was inspired by the work and while we didn't think we could make it install-able with such ease, they obviously know their own technology better. And indeed, they did make it happen! Besides that, we worked with them to improve the already pretty good integration further, allowing you to edit documents while in a video call or chat in Talk.</p>
<p>As our focus continues to be on providing the best experience possible, we simply looked at that: what gives, right now, the best experience. And thus our latest video shows Collabora instead...</p>
<stream controls="" poster="https://nextcloud.com/media/Home-Office-video-thumb.jpg" preload="" src="4b66104c586170a4dc5b6ebbed80b193"></stream> <script data-cfasync="false" defer="" src="https://embed.videodelivery.net/embed/r4xu.fla9.latest.js?video=4b66104c586170a4dc5b6ebbed80b193" type="text/javascript"></script> šŗ <small><a href="https://youtu.be/FMgBD3Jr33Y">view video on YouTube</a></small>
<p>Note that this doesn't mean we don't like ONLYOFFICE. š This just changed the default you get on installation. Both solutions are very good and continue to be available for users! And perhaps things will change for the next release. Given the large differences at every level between the two, I consider it a benefit to have both approaches available for Nextcloud users!</p>
<h1>So is Collabora better?</h1>
<p>I will let Captain Marvel answer that.<br />
<a href="https://4.bp.blogspot.com/-5lUjBbQ-Bqw/XtzwBIOyL7I/AAAAAAAAau0/u2Al0N8bpSADRl_OUyMxutiOSeMiTErigCLcBGAsYHQ/s1600/captain%2Bmarvell%2Bno%2Byes%2Bmaybe.png"><img border="0" data-original-height="800" data-original-width="500" src="https://4.bp.blogspot.com/-5lUjBbQ-Bqw/XtzwBIOyL7I/AAAAAAAAau0/u2Al0N8bpSADRl_OUyMxutiOSeMiTErigCLcBGAsYHQ/s1600/captain%2Bmarvell%2Bno%2Byes%2Bmaybe.png" /></a>
</p><p></p></div>Jos Poortvliethttp://www.blogger.com/profile/05243886270488333877noreply@blogger.com0tag:blogger.com,1999:blog-12366865.post-70441909564859531532020-04-03T10:44:00.000+02:002020-06-05T10:45:39.197+02:00Rant of the day: well, at least Microsoft is making loads of money...<div dir="ltr" style="text-align: left;" trbidi="on">Sadly, many if not most of our schools today are suddenly pumping lots of extra money into Microsoft, Zoom and other proprietary software companies, because they need online collaboration. We all know there are many alternatives to giving their students' data away to foreign companies but most don't bother. It is annoying, there is always budget for Microsoft, but not for proper, local, privacy-protecting open source solutions, even if those are better. Why is that?<br />
<br />
Reputation, I'm convinced, is the main reason for that.<br />
<br />
<h2>We teach them the wrong thing</h2>Unfortunately, a lot of people try to convince schools, governments, charitable organizations and even companies to not pay anything at all. They are promoting open source solutions as an alternative that is cheaper or free, which just makes it look inferior to management. They are not telling organizations to pay local and open source product companies instead of Microsoft.<br />
<br />
Open source/Free Software advocates hammer on "but it is free"! And when they do, THEY probably think of Freedom. But the person they talk to just thinks "cheap and bad", no matter how you try to explain freedom. Nobody gets that, really, even if they nod friendly while thinking what a silly, idealistic nerd you are. Been there, done that.<br />
<br />
I love the enthusiasm, yes, but in the end it is not helpful: it presents open source as a crappy but cheaper alternative without any real support. Well, there are a few overloaded volunteer enthusiasts who might do a great job for a volunteer but can't compete with a bunch of full time paid people at Microsoft. So the schools and governments and companies will simply use those 'free' (as in cheap and crappy) services as a stop-gap and then beg their bosses for budget to be able to pay a "proper" Microsoft service. There goes more public money in NOT public code.<br />
<br />
We need to stop teaching companies that open source is a crappy, cheaper alternative to proper, paid alternatives from big American companies and instead tell them that they can pay for an open source solution that has real good support, no vendor lock-in, doesn't leak your data, protects your privacy and is actually better in many other ways. That way open source companies can actually hire people to make products better instead of just doing consulting one customer at a time.<br />
<br />
And yes, some companies and some business areas have figured this out - Red Hat and SUSE are obvious examples, and projects like OpenStack have lots of paid people involved. But lots of other companies, from Bareos (backup) to Kolab (groupware) have struggled for years if not decades to build a product, instead getting sucked into consulting.<br />
<br />
<h2>It doesn't work that way</h2>I have seen loads of open source product companies go bankrupt or just give up and become consulting firms because their customers simply expected everything for free and to only pay a bit for consulting. Lots of open source people work at or set up their own consulting firms, occasionally even contributing a patch to upstream - but not building a product. Not that they don't want to, but they quickly find out that working your ass off for a maybe decent hourly rate does not leave you time to actually work on the thing you wanted to improve in the first place.<br />
<br />
Indeed, you can't build a good end user product that way. Frank and myself put together a talk about this recently:<br />
<br />
<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/DcDKZkDZX24" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe><br />
<br />
I have also recently written an article about this entire thing, explaining why of all the business models around open source, only subscriptions can lead to a sustainable business that actually builds a great product. Will hopefully soon be on opensource.com.<br />
<br />
<h2>Yeah but volunteers...</h2>Are fundamental to open source, yes, no doubt. At Nextcloud we could not have build what we did without lots of volunteers, heck, nearly everybody at Nextcloud was a volunteer at some point. And yes, all code we write is AGPL, and that, too is important. I am NOT arguing against that, not in the least.<br />
<br />
What I say is:<br />
<ul><li>You can't build a great product without paid developers*</li>
<li>You can't build a great product on consulting and only getting paid for setting it up/hosting</li>
</ul>But let me then also add:<br />
<ul><li>You can build a better product collaboratively</li>
<li>And the (A)GPL are the best licenses to do that</li>
</ul><br />
I'm sure there are exceptions to those rules, yes. But compare a great product like Krita, see how its developers struggle every day to be able to pay the bills of just a few full-time volunteers. Do you know how they are currently paying most of them? Last time I spoke to Boudewijn, the reality was sad: the Microsoft App store. Yup. How many does Adobe manage to pay to work on its products? Why should our ambition not be to have as many people working on Krita? Of course it should be. And yes, keep it open source. Is that doable?<br />
<br />
Of course it is. Well, maybe not Adobe levels, but we can absolutely do better.<br />
<br />
<h2>Missed opportunities</h2>I said this was a rant, so I do have to complain a bit. My biggest regret is that KDE failed to catch up during the netbook period (around 2005). I believe that it is in no small part because we failed to work with businesses. Idealism can be super helpful and can also totally keep you irrelevant.<br />
<br />
KDE is, lately, working more with companies, trying to build up more business around its product. GNOME has been far better at that for a far longer time, by the way. It is hard, and companies like Kolab, struggling for the last ~20 years to make things work, have shown that. Just being a for-profit obviously doesn't solve all problems. Idealism and hard work are not enough to make a business work. But we can do better, and Nextcloud is an example that shows we can. Now not all things are freaking awesome at Nextcloud, really - we work our a**** off and it is hard. We put on our best face in public but sometimes I just want to bang my head on and in the wall...<br />
<br />
Still, see the video, read the blog hopefully soon on opensource.com - there are ways.<br />
<br />
Thoughts welcome.<br />
<br />
Edit:<br />
* let me qualify that statement. You can do it without paid developers in a small project, I dunno, grep or ls or the awesome <a href="https://github.com/MaartenBaert/ssr">simplescreenrecorder</a> and tools like that. With those there is a risk of the apps going unmaintained and new ones popping up all the time - look at music players in the KDE community. I'd rather see one well maintained than new ones pop up with all their different flaws, but I totally get that for a volunteer it is often easier and more fun to start fresh. In either case, once you start building something huge, it gets pretty hard without long term dedicated resources. Note that it can be donations-run (like Krita and many others), with a charitable organization. I do think it is about more than 'just' the resources. If somebody 'just' sponsored 25 people to work full-time on Nextcloud, the end result would be different than the situation today. The need to deliver something that makes customers happy (which means focus on details, scalability etc!) and pressure to do things you wouldn't want to do in your free time (developer documentation...) make a big difference.<br />
<br />
In any case, I really don't think projects like LibreOffice, Firefox, Nextcloud, KDE or GNOME and the Linux kernel itself would be where they are today without people paid to work on them.<br />
</div>Jos Poortvliethttp://www.blogger.com/profile/05243886270488333877noreply@blogger.com4tag:blogger.com,1999:blog-12366865.post-19468564446201165752019-09-07T11:38:00.001+02:002019-09-07T11:38:55.884+02:00thoughtful blog reply by Alberto 'Mardy' MardeganLet me add a link here to a thoughtful blog reply by Alberto 'Mardy' Mardegan!Jos Poortvliethttp://www.blogger.com/profile/05243886270488333877noreply@blogger.com0tag:blogger.com,1999:blog-12366865.post-85625440519002931702019-09-04T12:11:00.001+02:002019-09-07T11:24:42.165+02:00Principles<div dir="ltr" style="text-align: left;" trbidi="on"><img class="" style="float:right; width: 300px;height:auto;margin:30px;" src="https://nextcloud.com/wp-content/themes/next/assets/img/common/yourdata.gif" alt="dafuq?"><br />
We recently did a <a href="https://nextcloud.com/blog/the-nextcloud-mission-and-principles/">post about the Nextcloud Mission and Principles</a> we discussed at the previous Contributor Week. I guess it is mostly the easy-to-agree on stuff, so let me ruin the conversation a bit with the harder stuff. Warning: black and white don't exist beyond this point.<br />
<br />
<h2>Open Source</h2>In an internal conversation about some community pushback on something we did, I linked to <a href="http://www.islinuxaboutchoice.com">islinuxaboutchoice.com</a> - people often think that 'just' because a product is open source, it can't advertise to them, it has to be chock full of options, it has to be made by volunteers, it can't cost money and so on...<br />
<br />
But if you want to build a successful product and change the world, you have to be different. You have to keep an eye on usability. You have to promote what you do - nobody sees the great work that isn't talked about. You have to try and build a business so you can pay people for their work and speed up development. Or at least make sure that people can build businesses around your project to push it forward.<br />
<br />
I personally think this is a major difference between KDE and GNOME, with the former being far less friendly to 'business' and thus most entrepreneurial folks and the resources they bring go into GNOME. And I've had beers with people discussing SUSE's business and its relationship with openSUSE - just like Fedora folks must think about how they work with Red Hat, all the time. I think the openSUSE foundation is a good idea (I've pushed for it when I was community manager), but going forward I think the board should have a keen eye on how they can enable and support commercial efforts around openSUSE. In my humble opinion the KDE board has been far to little focused on that (I've ran for the board on this platform) and you also see the LibreOffice's Document Foundation having trouble in this area. To help the projects be successful, the boards on these organizations need to have people on them who understand business and its needs, just like they need to have community members who understand the needs of open source contributors.<br />
<br />
But companies bring lots of complications to open source. When they compete (as in the LibreOffice ecosystem), when they advertise, when they push for changes in release cycles... Remember Mark Shuttleworth arguing KDE should adopt a 6-month release cycle? In hindsight, I think we should have!<br />
<br />
<h2>Principles</h2>So, going back to the list of <a href="https://nextcloud.com/blog/the-nextcloud-mission-and-principles/">Nextcloud's Mission and Principles</a>, I say they are the easy stuff, because they are. They show we want to do the right thing, they show what our core motivation was behind starting this company: building a project that helps people regain control over their privacy. But, in day to day, I see myself focus almost exclusively on the needs of business. And you know what, businesses don't <strong>need</strong> privacy... That isn't why we do this.<br />
<br />
Oh, I'm very proud we put in significant effort in home users when we can - our <a href="https://nextcloud.com/yourdata/">Simple Signup</a> program has cost us a lot of effort and won't ever make us a dime. The <a href="https://nextcloud.com/box/">Nextcloud Box</a> was, similarly, purely associated with our goals, not a commercial project. Though you can argue both had marketing benefits - in the end, a bigger Nextcloud ecosystem helps us find customers.<br />
<br />
I guess that's what keeps me motivated - customers help us improve Nextcloud, more Nextcloud users help us find more customers and so both benefit.<br />
<br />
<h2>Pragmatism and the real hard questions</h2>Personally, I'd add an item about 'pragmatism' to the list, though you can say it is inferred from our rather large ambitions. We want to make a difference, a real difference. That means you have to keep focused on the goal, put in the work and be pragmatic.<br />
<br />
An example is the conversation about github. Would we prefer a more decentralized solution? Absolutely. Are we going to compromise our goals by moving away from the largest open source collaboration network to a platform which will result in less contributions? No.... As long as github isn't making our work actively harder, does not act unethically and its network provides the biggest benefits to our community by helping us reach our goals, we will stay...<br />
<br />
<h3>More questions and the rabbit hole</h3>Would you buy a list of email addresses to send them information about Nextcloud? No, because it harms those users' privacy and probably isn't even really legal. Would you work with a large network to reach its members, even if you don't like that network and its practices? Yes - that is why we're on Facebook and Twitter, even though we're not fans of either.<br />
<br />
Let's make it even harder. How about the choice of who you sell to. Should we not sell to Company X even if that deal would allow us to hire 10 great developers on making Nextcloud better for the whole world and further our goals? Would you work with a company that builds rockets and bombs to earn money for Nextcloud development? We've decided 'nope' a few times already, we don't want that money. But what about their suppliers? And suppliers of suppliers? A company that makes screws might occasionally sell to Boeing which also makes money from army fighters... Hard choices, right?<br />
<br />
And do you work with countries that are less than entirely awesome? Some would argue that would include Russia and China, others would say the USA should be on a black list, too... What about Brazil under its current president? The UK? You can't stop anyone from using an open source product anyway, of course... It gets political quick, we've decided to stick to EU export regulations but it's a tough set of questions. <a href="https://en.wikipedia.org/wiki/Criticism_of_Mother_Teresa">Mother Teresa took money from dictators.</a> Should she have? No?<br />
<br />
It might seem easy to say, in a very principled way, <strong>no</strong> to all the above questions, but then your project won't be successful. And your project wants to make the world better, does it not?<br />
<br />
<h2>Conclusion?</h2>We discuss these things internally and try to be both principled and pragmatic. That is difficult and I would absolutely appreciate thoughts, feedback, maybe links to how other organizations make these choices. Please, post them here, or in the comments section of the <a href="https://nextcloud.com/blog/the-nextcloud-mission-and-principles/">original blog</a>. I can totally imagine you'd rather not comment here as this blog is hosted by blogger.com - yes, a Google company. For pragmatic reasons... I haven't had time to set up something else!<br />
<br />
There's lots of grey areas in this, it isn't always easy, and sometimes you do something that makes a few people upset. As the Dutch say - **Waar gehakt wordt vallen spaanders**.<br />
<br />
<br />
<br />
PS and if you, despite all the hard questions, still would want to work at a company that tries to make the world better, <a href="https://nextcloud.com/jobs">we're hiring!</a> Personally, I need somebody in marketing to help me organize events like the Nextcloud Conference, design flyers and slide decks for sales and so on... <a href="https://blog.jospoortvliet.com/2018/06/working-at-nextcloud.html">Want to work with me?</a> Shoot me an email!<br />
</div>Jos Poortvliethttp://www.blogger.com/profile/05243886270488333877noreply@blogger.com3tag:blogger.com,1999:blog-12366865.post-25096262326801595402018-06-25T23:16:00.000+02:002018-06-25T23:16:16.656+02:00Working at Nextcloud<div dir="ltr" style="text-align: left;" trbidi="on"><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-gbHWGwXiKe4/WYBpJqFupJI/AAAAAAAAYNU/ddMgPYwvdaYIQmRRZPs56d05ur4lF6WbgCPcBGAYYCw/s1600/hacking.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://1.bp.blogspot.com/-gbHWGwXiKe4/WYBpJqFupJI/AAAAAAAAYNU/ddMgPYwvdaYIQmRRZPs56d05ur4lF6WbgCPcBGAYYCw/s320/hacking.jpg" width="320" height="214" data-original-width="1600" data-original-height="1070" /></a></div>I've been around in communities like KDE, openSUSE, Mandrake/Mandriva and others... and various open source and closed companies. Seen some do a good job. Seen others be mismanaged. This one: the most fun. Serious.<br />
<br />
Working at Nextcloud is special. For one, we're a distributed company. Is it hard? Well, yes and no. Working from home is great with such a motivated team with very little management overhead and good communication. Our company is entirely built on it, that is why it works.<br />
<br />
As an example, while our head of sales lives in Hannover, the rest of the sales people is spread over Berlin, Switzerland, Stuttgart... Engineers can be found in Germany, Netherlands, Spain, even Croatia and as far as Cape Verde. I'm sure I forgot some countries. Our biggest office in Stuttgart has less people than we have in Berlin!<br />
<br />
But we connect in person: roughly every second month, at a company-wide meeting in a single place, usually Stuttgart, for a full week of coding and having a great time. And once a year we go to Berlin for our conference, happening the last week of August! All those meetings are open, with often lots of community members participating in the whole process of designing and deciding around our software.<br />
<br />
And yes, the sales people join there, too. I have NEVER worked in a company where the sales people, the marketing team and the engineers were so good with each other. Respect between these three departments is extremely rare, as I'm sure every one of my readers knows from experience.<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://2.bp.blogspot.com/-FUP9Kr-2neg/WYBo5G-fVqI/AAAAAAAAYNU/8RIaki1wGx4KwfUIIh1aibw2jPwNqiSywCPcBGAYYCw/s1600/first%2Bconf%2Bteam%2Bsmall.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://2.bp.blogspot.com/-FUP9Kr-2neg/WYBo5G-fVqI/AAAAAAAAYNU/8RIaki1wGx4KwfUIIh1aibw2jPwNqiSywCPcBGAYYCw/s640/first%2Bconf%2Bteam%2Bsmall.jpg" width="640" height="360" data-original-width="1600" data-original-height="900" /></a><br> Me handing the mic to the guys that started it all back in 2010</div><br />
<br />
What else is crazy about Nextcloud? Here's another one: where lots of companies struggle to find good engineers, that is literally the LEAST of our problems. We drown in amazingly good CV's and have a big pool of enthusiastic, qualified engineers who contribute to Nextcloud and already know the code. I wish we could hire them all but growing more than 50-80% per year isn't really health for a company culture...<br />
<br />
Also special: other companies struggle to get sales leads and pay lots of (advertising) money for them. We, we drown in leads... Even without marketing automation. Our biggest challenge, instead, is answering all the requests from companies that want to buy our product - we need more sales people!<br />
<br />
Yes, we're a pretty unique company in how we approach open source business and we're successfully taking on much bigger companies. Yes, it works! Just check how we're doing on <a href="https://trends.google.com/trends/explore?q=Nextcloud,ShareFile,Egnyte,ownCloud,Accellion">Google Trends.</a> Love that!<br />
<br />
If you want to work for us, <a href="https://nextcloud.com/jobs">especially in sales</a>, or know somebody who should, tell me ;-)<br />
<br />
Or first learn about us by meeting us - <a href="https://nextcloud.com/conf">you're welcome at our conference</a>! Or at one of our meetups, there's a <a href="https://nextcloud.meetup.com">monthly one in Berlin</a> for example.<br />
<br />
<blockquote class="twitter-tweet" data-lang="en"><p lang="en" dir="ltr">Berlin <a href="https://twitter.com/hashtag/nextcloud?src=hash&ref_src=twsrc%5Etfw">#nextcloud</a> meetup had to spread out as we didn't fit at one table... <a href="https://t.co/hx9h1OMGKd">https://t.co/hx9h1OMGKd</a> <a href="https://t.co/4TXoS89a87">pic.twitter.com/4TXoS89a87</a></p>— Jos Poortvliet (@jospoortvliet) <a href="https://twitter.com/jospoortvliet/status/1009497985342943233?ref_src=twsrc%5Etfw">June 20, 2018</a></blockquote><script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script><br />
<br />
</div>Jos Poortvliethttp://www.blogger.com/profile/05243886270488333877noreply@blogger.com0tag:blogger.com,1999:blog-12366865.post-35431187397670946312018-01-12T21:34:00.000+01:002018-01-12T21:34:09.439+01:00Nasty fall-out from Spectre and Meltdown<div dir="ltr" style="text-align: left;" trbidi="on"><div class="separator" style="clear: both; text-align: center;"><a href="https://2.bp.blogspot.com/-WTYq1ahUmpk/WlkaxWMAPfI/AAAAAAAAYg0/66jMtO0JgI8JqObyMgJ331WmlumELIqoQCLcBGAs/s1600/meltdown-spectre-logos.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://2.bp.blogspot.com/-WTYq1ahUmpk/WlkaxWMAPfI/AAAAAAAAYg0/66jMtO0JgI8JqObyMgJ331WmlumELIqoQCLcBGAs/s320/meltdown-spectre-logos.png" width="320" height="240" data-original-width="1200" data-original-height="900" /></a></div>I guess it's hard to miss Spectre and Meltdown so you probably read about it. And there's more bad news than what's been widely reported, it seems.<br />
<br />
<h2>You trust the cloud? HAHAHAHA</h2>What surprised me a little was how few journalists paid attention to the fact that Meltdown in particular breaks the isolation between containers and Virtual Machines - making it quite dangerous to run your code in places like Amazon S3. Meltdown means: anything you have ran on Amazon S3 or competing clouds from Google and Microsoft has been exposed to other code running on the same systems.<br />
<br />
And storage isn't per-se safe, as the systems handling the storage just might also be used for running apps from other customers - who then thus could have gotten at that data. <a href="https://nextcloud.com/blog/security-flaw-in-intel-cpus-breaks-isolation-between-cloud-containers/">I wrote a bit more about this in an opinion post for Nextcloud.</a> <br />
<br />
We don't know if any breaches happened, of course. We also don't know that they didn't. <br />
<br />
That's one of my main issues with the big public cloud providers: we KNOW they hide breaches from us. All the time. For YEARS. <a href="https://www.nytimes.com/2016/09/23/technology/yahoo-hackers.html">Yahoo did particularly nasty</a>, but was it really such an outlier? Uber hid data stolen from 57 million users for a year, <a href="https://www.yahoo.com/news/uber-hid-hack-more-exposed-220200656.html">which came out just November last year.</a><br />
<br />
Particularly annoying if you're legally obliged to report security breaches to the users it has affected, or to your government. Which is, by the way, the case in more and more countries. You effectively can't do that if you put any data in a public cloud...<br />
<br />
Considering the <a href="https://www.bloomberg.com/gadfly/articles/2018-01-09/sec-needs-to-quit-taking-executives-word-on-stock-sales">sales of the maximum allowed amount of stock just last November by the Intel CEO</a>, forgive me if I have little trust in the ethical standards at that company, or any other for that matter. (oh, and if you thought the selling of the stock by the Intel CEO is just typical stuff, nah, it was <a href="https://www.fool.com/investing/2017/12/19/intels-ceo-just-sold-a-lot-of-stock.aspx">noticed as interesting BEFORE Meltdown & Spectre became public</a>)<br />
<br />
So no, there's no reason to trust these guys (and girls) on their blue, brown, green or black eyes. None whatsoever.<br />
<br />
<h2>Vendors screwed up a fair bit. More to come?</h2>But there's more. GregKH, the inofficial number two in Linux kernel development, <a href="http://kroah.com/log/blog/2018/01/06/meltdown-status/">blogged about what-to-do wrt Meltdown/Spectre</a> and he shared an interesting nugget of information:<br />
<blockquote>We had no real information on exactly what the Spectre problem was at all</blockquote>Wait. What? So the guys who had to fix the infrastructure for EVERY public and private cloud and home computer and everything else out there had... no... idea?<br />
<br />
Yeap. <a href="https://www.golem.de/news/updates-wie-man-spectre-und-meltdown-loswird-1801-132125.html">Golem.de notes</a> (in German) that the coordination around Meltdown didn't take place over the usual closed kernel security mailing list, but instead distributions created their own patches. The cleanup of the resulting mess is ongoing and might take a few more weeks. Oh, and some issues regarding Meltdown & Spectre might not be fix-able at all.<br />
<br />
But I'm mostly curious to find out what went wrong in the communication that resulted in the folks who were supposed to write the code to protect us <strong>didn't know what the problem was</strong>. Because that just seems a little crazy to me. <small>just a little.</small><br />
</div>Jos Poortvliethttp://www.blogger.com/profile/05243886270488333877noreply@blogger.com0tag:blogger.com,1999:blog-12366865.post-32892136874355475792017-09-28T13:07:00.000+02:002017-09-28T13:07:18.495+02:00Client-side, server-side and zero-knowledge end-to-end encryption in Nextcloud<div dir="ltr" style="text-align: left;" trbidi="on"><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: right; margin-left: 1em; text-align: right;"><tbody>
<tr><td style="text-align: center;"><img alt="End-to-end encryption in Android in action" class="alignright" height="672" src="https://nextcloud.com/media/final.gif" style="margin-left: auto; margin-right: auto;" width="340" /></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Android encryption in action</td></tr>
</tbody></table>Yesterday, Nextcloud published plans, designs and code for end-to-end encryption in the clients. A recent report from Forrester named data encryption as one of the top global Cybersecurity trends for 2017, so this is a big deal! I thought it'd be good to go over the differences between client-side, server-side and end-to-end encryption and position what we developed.<br />
<br />
<h2 style="text-align: left;">End-to-End Encryption</h2>End-to-end encryption is usually associated with communication channels, think chat or video calls. Signal, Telegram and lately WhatsApp employ end-to-end encryption. So what does it mean?<br />
<br />
The main property of end-to-end encryption is that the data is encrypted on the one end and decrypted on the other end, so only the sender and receiver can read it.<br />
<br />
As an example, take the Nextcloud Video Calls app. When you share a link for a call and the other person joins, the Nextcloud Server essentially gives the other user the address of your computer and helps you connect to each other. It will also send signals when others join the call, when you mute and so on. But the actual call takes place between your system and that of your conversational partner, directly. And before it is sent out, your browser will encrypt the data for the other side to decrypt. This way, nobody in between, like your internet provider, can listen in!<br />
<br />
The main downside of the term is that the definition of that <em>'end'</em> can vary: you can say that normal https encryption is 'end-to-end', defining one end as the browser and the other end as the server. So this brings us to the difference between server-side and client-side encryption.<br />
<br />
<h2 style="text-align: left;">Server-side encryption</h2>Server-side encryption serves to protect data on or going through a server: as soon as the data arrives, the server encrypts it. When you use a cloud storage like Amazon S3 or a Dropbox account or a FTP at another office with Nextcloud, our Server-side Encryption encrypts the data before it gets sent to the other storage and decrypt it only after it has been retrieved. Server-side encryption thus protects your data from access by a third party storage solution.<br />
<br />
Note that encryption in the browser is essentially server-side encryption: the code that does the work comes from the server and thus the server controls what is going on. If a server is compromised, the attacker (or evil system administrator or government agency) can simply make a minor modification to that code so it gives them access to your private key!<br />
<br />
When the data is on the server itself, however, the server admin has access to it as the keys are managed by the server. In case of Nextcloud, we encrypt that key with your login, making it impossible for the server to decrypt the files unless you are logged. That is called "<em>protection of data at rest</em>", but, of course, you log in all the time if you have the client running.<br />
<br />
So the limitation of server-side encryption lies in what it does not protect you from: the server being compromised.<br />
<br />
<h2 style="text-align: left;">Client-side encryption</h2>This is why server-side encryption is often contrasted with client-side encryption, which is what is employed by the end-to-end encryption Nextcloud introduced today. Where server-side encryption happens after transmission to the server, we encrypt the data on the Android, iOS or desktop client already. Then, only at the receiving end, it is decrypted again. That receiving end can be another device owned by the same user or a device owned by another user who has been given access to the data. But not anyone in between or otherwise not authorized! This is sometimes also called a zero-knowledge privacy: at no point in time can the server have any knowledge of the data.<br />
<br />
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: right; margin-left: 1em; text-align: right;"><tbody>
<tr><td style="text-align: center;"><a href="https://2.bp.blogspot.com/-JQZes0-OQLs/Wcvj_HHfnVI/AAAAAAAAYTM/hU5uNpx7Rd8FIgjrx08bxf6rL9IfznrMgCLcBGAs/s1600/E2E-CreateAndSyncIdentity.pdf.png" imageanchor="1" style="clear: right; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" data-original-height="1257" data-original-width="878" height="320" src="https://2.bp.blogspot.com/-JQZes0-OQLs/Wcvj_HHfnVI/AAAAAAAAYTM/hU5uNpx7Rd8FIgjrx08bxf6rL9IfznrMgCLcBGAs/s320/E2E-CreateAndSyncIdentity.pdf.png" width="224" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">The process of creating keys</td></tr>
</tbody></table><h3 style="text-align: left;">A little bit about keys</h3>Usually, public and private keys are used for the encryption and decryption. How does that work?<br />
<br />
Everybody has a set of closely related keys, a 'public' and a 'private' key. They work a bit like a mail box works: anyone can throw a letter in the box, but only the mailman (or woman) can open and empty it. The public key is, as the name implies, public. Anyone can use it to encrypt something. But to decrypt the result, the private key is needed!<br />
<br />
Nextcloud generates a public and private key pair the first time a user enables end-to-end encryption in their client. The public key gets signed by the server with 'certificate' to verify the user identity (our Cryptographic Identity Protection feature) and stored there for other users to encrypt files to that they wish to share. The private key gets encrypted with a locally, app-generated very secure and very long (12 word!) passcode which is displayed to the user and then the key gets stored on the server as well.<br />
<br />
Another device owned by the user can download the private key, the user can enter the 12 word passcode to decrypt it, and this device will then also be able to encrypt and decrypt files. That is how you add your phone and desktop after you enabled end-to-end encryption on your laptop.<br />
<br />
You can learn much more about exactly how the encryption and decryption work on the<a href="https://nextcloud.com/endtoend" target="_blank"> end-to-end encryption web page</a> we made as well as the whitepaper you can download there.<br />
<br />
<h2 style="text-align: left;">Enterprise challenges</h2>While consumers use end-to-end encryption for chat for years, larger organizations like companies and governments have struggled to find solutions that protect their sensitive data without disrupting productivity and legal requirements for audit logs.<br />
<br />
Indeed, many solutions create a new layer over existing solutions like Box and Dropbox or have poor key management, making sharing cumbersome and less secure. A real enterprise solution needs to take the burden of complexity away from users and, if it needs to be anywhere, put it on the shoulders of the system administrators. Nextcloud has done exactly that, not even allowing users to create their own, potentially insecure password and making adding devices easy. The 12-word passcode can be recovered from any of the devices an user owns and it is possible to enable a system wide recovery key. If enabled, users will get warned of this and the system administrator gets to see and note down the key once and only once. After that, the code is destroyed and no attacker would be able to steal it, provided the server administrator puts it in a safe location: we'd recommend an actual safe.<br />
<br />
Another important feature for enterprises is support for a Hardware Security Module which could be used to generate user certificates. Without it, our design does not allow users to switch identities (as this could be abused by an attacker with control over the server) but this restriction can be relaxed if a secure HSM is in the mix.<br />
<br />
You can learn more on <a href="https://nextcloud.com/endtoend">our webpage about end-to-end encryption!</a><br />
</div>Jos Poortvliethttp://www.blogger.com/profile/05243886270488333877noreply@blogger.com0Berlin, Germany52.520006599999988 13.40495399999997552.21073109999999 12.759506999999974 52.829282099999986 14.050400999999976tag:blogger.com,1999:blog-12366865.post-87286172384256176032017-08-01T13:47:00.001+02:002017-08-01T14:32:04.863+02:00Privacy, self-hosting, surveillance, security and open source in Berlin<div dir="ltr" style="text-align: left;" trbidi="on">
<br />
<a href="https://4.bp.blogspot.com/-8S60OQ9fZTM/WYBpJzMkWWI/AAAAAAAAYNA/CJkdXvSdjMwG3yHzpTrIVPdyHxK20kpIQCLcBGAs/s1600/group%2Bphoto.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="1067" data-original-width="1600" height="213" src="https://4.bp.blogspot.com/-8S60OQ9fZTM/WYBpJzMkWWI/AAAAAAAAYNA/CJkdXvSdjMwG3yHzpTrIVPdyHxK20kpIQCLcBGAs/s320/group%2Bphoto.jpg" width="320" /></a>August 22-29 we're organizing a conference to discuss and work on privacy, self-hosting, security and open source in Berlin: the Nextcloud Conference. We expect some 150-200 people to participate during a week of discussing and coding and, especially on the weekend, presenting and workshopping. So I thought I should blog about <b>why</b> should you be there and <b>what</b> can you expect?<br />
<br />
If you care about protecting people from the all-pervasive surveillance, re-gain privacy and security of data and believe in self hosting and open source as solution for these issues, this is the place to be. Our event is special for two reasons:<br />
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: right; text-align: right;"><tbody>
<tr><td style="text-align: center;"><a href="https://2.bp.blogspot.com/-FUP9Kr-2neg/WYBo5G-fVqI/AAAAAAAAYM4/c29M1eQVgt0h65npYFeQPPOrmJU9s6sggCLcBGAs/s1600/first%2Bconf%2Bteam%2Bsmall.jpg" imageanchor="1" style="clear: right; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" data-original-height="900" data-original-width="1600" height="180" src="https://2.bp.blogspot.com/-FUP9Kr-2neg/WYBo5G-fVqI/AAAAAAAAYM4/c29M1eQVgt0h65npYFeQPPOrmJU9s6sggCLcBGAs/s320/first%2Bconf%2Bteam%2Bsmall.jpg" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">The team that started ownCloud</td></tr>
</tbody></table>
<br />
We're <strong>doing it.</strong> And most of us have been, for a decade or more, in KDE, GNOME, SUSE, Ubuntu, phpBB and other earlier projects. The code we wrote has influenced millions of users already and we will go further and wider! Expect to meet people with a <em>can-do attitude.</em><br />
<br />
Second, Nextcloud has got a huge momentum, name recognition and has become one of the largest ecosystems in the open source privacy/self hosting area. It isn't just about us! Large companies, small startups and innovative individuals and small communities all over are building on and around Nextcloud. A few examples:<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-gbHWGwXiKe4/WYBpJqFupJI/AAAAAAAAYM8/FGsnHaJTl9QSu-IV2_0ZBLTRHPYs5BEyACLcBGAs/s1600/hacking.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="1070" data-original-width="1600" height="214" src="https://1.bp.blogspot.com/-gbHWGwXiKe4/WYBpJqFupJI/AAAAAAAAYM8/FGsnHaJTl9QSu-IV2_0ZBLTRHPYs5BEyACLcBGAs/s320/hacking.jpg" width="320" /></a></div>
<ul>
<li>Our keynote speaker is <a href="https://nextcloud.com/blog/tristan-nitot-cloud-future-privacy/">former Mozilla president Tristan Nitot,</a> who is currently CTO of Cozycloud, another private, open source self-hosted cloud solution.</li>
<li>We're working with the GNOME community on <a href="https://blog.juliushaertl.de/index.php/2017/06/20/the-first-weeks-of-gsoc/">deeper Linux desktop integration</a> (we hope we can bring those also to KDE's Plasma!) and lots of projects built on our technology, like the super cool <a href="https://github.com/mail-in-a-box/mailinabox/commit/d7731405024dcea0c69542aa41a739c0cd68db49">Mail-in-a-box</a></li>
<li>Many third party apps like the <a href="https://nextcloud.com/blog/using-webdav-fs-to-access-files-in-nextcloud/">buttercup password manager</a>, <a href="https://nextcloud.com/blog/nextcloud-android-client-1.3.0-brings-files-drop-support-calendarcontacts-integration-with-davdroid/">DAVdroid android app</a>, <a href="https://nextcloud.com/blog/privacyidea-adds-a-new-security-layer-to-nextcloud/">PrivacyIdea 2FA</a> and <a href="https://nextcloud.com/blog/open-id-sso-by-gluu-oxd-is-now-integrated-to-nextcloud/">Gluu SSO</a>, <a href="https://nextcloud.com/blog/use-collabora-online-with-nextcloud-directly-in-univention-app-center/">Collabora Online</a> and the innovative open source <a href="https://nextcloud.com/blog/introducing-cloud-storage-in-the-blockchain-with-sia-and-nextcloud/">Blockchain storage SIA</a> provide Nextcloud integration. And more are coming, expect announcements at the Nextcloud conference!</li>
<li>We have well over <a href="http://nextcloud.com/providers">70 different providers</a> like <a href="https://nextcloud.com/blog/introducing-civihosting/">CiviHosting</a></li>
<li>You can find over 80 apps on <a href="https://apps.nextcloud.com/" target="_blank">our app store</a> offering all kinds of additional capabilities and integrations, from Kanban or time planning apps to the mentioned authentication and external storages to music players to drawing apps to full text search to...</li>
<li>One organization after another implements or moves to Nextcloud, with <a href="https://nextcloud.com/blog/tu-berlin-halves-database-load-by-migrating-22k-users-to-nextcloud/" target="_blank">the TU Berlin</a> (where our conference takes place, like last year) and the <a href="https://nextcloud.com/blog/the-capital-of-albania-moves-to-nextcloud/" target="_blank">capital of Albania</a> merely the last in the long list.</li>
</ul>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-JLkjL2lSKxw/WYBpK8cHx4I/AAAAAAAAYNQ/kEBst1aX1oQIqrd1Ic-Yjm9M0qTKDEriQCLcBGAs/s1600/workshop.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="481" data-original-width="1600" height="192" src="https://3.bp.blogspot.com/-JLkjL2lSKxw/WYBpK8cHx4I/AAAAAAAAYNQ/kEBst1aX1oQIqrd1Ic-Yjm9M0qTKDEriQCLcBGAs/s640/workshop.jpg" width="640" /></a></div>
<br />
<h2>
We are doers</h2>
<br />
So the Nextcloud conference is where you can find a wide range of individuals with interest, skills and ideas in the area of <i>privacy and freedom activism</i>, and they are <strong>doers!</strong> There is a reason we say <em>"bring your laptop"</em> on our conference page, though with that we don't mean we only want coders there!<br />
<a href="https://2.bp.blogspot.com/-InREbftWa9A/WYBpKKHdCAI/AAAAAAAAYNI/mBzG-smgndwmWuYiyKp6JaimUp5Ti1otQCLcBGAs/s1600/teamwork.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="1200" data-original-width="1600" height="240" src="https://2.bp.blogspot.com/-InREbftWa9A/WYBpKKHdCAI/AAAAAAAAYNI/mBzG-smgndwmWuYiyKp6JaimUp5Ti1otQCLcBGAs/s320/teamwork.jpg" width="320" /></a><br />
Designers, activists and advocates are just as welcome. That is because Nextcloud is about more than technology. Frank is somebody who <a href="http://karlitschek.de/2017/06/is-doing-nothing-evil/">sometimes asks the hard questions</a> and obviously it his vision is a strong diver, but we're all long time open source and/or privacy activists and deeply and personally motivated. Our entire community is built on drive, passion and a will to take on the challenges our society offers in the area of privacy, self determination, <em>freedom.</em><br />
<br />
That is the <strong>why</strong> you should be there. To help make a difference.<br />
<br />
Now the <strong>what.</strong><br />
<strong><br /></strong>
<h2 style="text-align: left;">
Getting Stuff Done</h2>
Our goal is to get work done; and facilitate communication and collaboration in our community. During the week, we simply provide space to talk and code (with wired and wireless network, Club Mate & other drinks, and free lunch). In the weekend, we have a program with talks & workshops. The setup is simple:<br />
<br />
<a href="https://3.bp.blogspot.com/-Vuvzu23dvkI/WYBpK2RE6uI/AAAAAAAAYNM/1dO_cObLhrsQAgkueLmqyuZBFRkwql4ngCLcBGAs/s1600/waiting%2Bfor%2Btalks%2Bto%2Bstart.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" data-original-height="1068" data-original-width="1600" height="214" src="https://3.bp.blogspot.com/-Vuvzu23dvkI/WYBpK2RE6uI/AAAAAAAAYNM/1dO_cObLhrsQAgkueLmqyuZBFRkwql4ngCLcBGAs/s320/waiting%2Bfor%2Btalks%2Bto%2Bstart.jpg" width="320" /></a>In the morning, everybody is in one room. First, we all hear from long time privacy activist and <a href="https://nextcloud.com/blog/tristan-nitot-cloud-future-privacy/">former Mozilla president Tristan Nitot</a>. After that, community members working on a wide variety of interesting things around privacy/self hosting/open source and of course Nextcloud talk, shortly, about what they do. Just 3-8 minutes to give the audience an idea of their project, their plan, their idea, how to get involved, a call for action. Now again, everybody is in the room, so in the break, everybody has heard the same talks and has the same things to discuss! If <strong>you</strong> have something to add, be it about TOR, protests, encryption or anything else that is related: <a href="https://eventyay.com/e/de88e486/cfs/">SUBMIT A TALK!</a><br />
<br />
<h3 style="text-align: left;">
Collaboration & sharing ideas</h3>
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: right; margin-left: 1em; text-align: right;"><tbody>
<tr><td style="text-align: center;"><a href="https://3.bp.blogspot.com/-igQQJgDlYoY/WYBpKMnyK5I/AAAAAAAAYNE/W859TRS0XzoCZXn86Oyun7p9hehRWk64ACLcBGAs/s1600/Nextcloud%2BBox%2Bfor%2BEducation%2Bin%2BBerlin.jpg" imageanchor="1" style="clear: right; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" data-original-height="1600" data-original-width="1338" height="320" src="https://3.bp.blogspot.com/-igQQJgDlYoY/WYBpKMnyK5I/AAAAAAAAYNE/W859TRS0XzoCZXn86Oyun7p9hehRWk64ACLcBGAs/s320/Nextcloud%2BBox%2Bfor%2BEducation%2Bin%2BBerlin.jpg" width="268" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Last year we announced the Nextcloud Box.<br />
This year - be there and find out!</td></tr>
</tbody></table>
People can look up the speakers, join the meetings proposed and so on, in the afternoon. Because after lunch we have 2 (or more, not sure yet) tracks of workshops as well as hacking, coding and meetings in the coding rooms. Unconference style, so to say.<br />
<br />
We now have several dozen talks and workshops already submitted and well over 100 people have registered but we are looking for more input in all areas so consider to be a part of this event!<br />
<br />
It is free and open, supported by the TU Berlin which offers us a free location; and Nextcloud GmbH which sponsors drinks & practical stuff; and SUSE Linux which sponsors the Saturday evening party!<br />
<br />
<a href="http://nextcloud.com/conf">Learn more and register!</a></div>
Jos Poortvliethttp://www.blogger.com/profile/05243886270488333877noreply@blogger.com0tag:blogger.com,1999:blog-12366865.post-42779896364171553722017-01-17T18:36:00.004+01:002017-01-18T17:55:08.042+01:00Happy Birthday ownCloud<div dir="ltr" style="text-align: left;" trbidi="on">Seven years ago at Camp KDE in San Diego, Frank announced a <a href="https://dot.kde.org/2010/01/21/camp-kde-2010-continues-more-talks" target="_blank">project to help people protect their privacy</a>, building an alternative to Dropbox: ownCloud.<br />
<br />
I was there, sharing a room with Frank at the infamous Banana Bungalow. Epic times, I can tell you that - there was lots of rum, lots of rain and loads of good conversations and making new friends.<br />
<br />
<a href="http://3.bp.blogspot.com/-jds47l2NWoY/WH5UAqZI8DI/AAAAAAAAXdM/wM-aGTW2pCY3ejGJn5sD9bQ6A99z6ccDQCK4B/s1600/20100122_012.jpg" imageanchor="1"><img border="0" height="240" src="https://3.bp.blogspot.com/-jds47l2NWoY/WH5UAqZI8DI/AAAAAAAAXdM/wM-aGTW2pCY3ejGJn5sD9bQ6A99z6ccDQCK4B/s320/20100122_012.jpg" width="320" /></a><a href="http://3.bp.blogspot.com/-mBWf7NnwYg8/WH5UAqFoojI/AAAAAAAAXdE/IjY4Px7TvbI8tmQGiWIxIb4noBfLtPEUACK4B/s1600/20100121_008.jpg" imageanchor="1"><img border="0" height="240" src="https://3.bp.blogspot.com/-mBWf7NnwYg8/WH5UAqFoojI/AAAAAAAAXdE/IjY4Px7TvbI8tmQGiWIxIb4noBfLtPEUACK4B/s320/20100121_008.jpg" width="320" /></a><br />
<a href="http://3.bp.blogspot.com/-DSD4BX5DjBQ/WH5UAvOcSNI/AAAAAAAAXc0/x7kcpyinSH8qcM9rSYlWvYu3SqzYvYFnACK4B/s1600/20100115_018.jpg" imageanchor="1"><img border="0" height="240" src="https://3.bp.blogspot.com/-DSD4BX5DjBQ/WH5UAvOcSNI/AAAAAAAAXc0/x7kcpyinSH8qcM9rSYlWvYu3SqzYvYFnACK4B/s320/20100115_018.jpg" width="320" /></a><a href="http://3.bp.blogspot.com/-rWez6PPrP3k/WH5UAlSscuI/AAAAAAAAXdA/usFLjhRsjssKhIE4EdijyDi6TPnyQzZvACK4B/s1600/20100115_005.jpg" imageanchor="1"><img border="0" height="240" src="https://3.bp.blogspot.com/-rWez6PPrP3k/WH5UAlSscuI/AAAAAAAAXdA/usFLjhRsjssKhIE4EdijyDi6TPnyQzZvACK4B/s320/20100115_005.jpg" width="320" /></a><br />
<a href="http://4.bp.blogspot.com/-hO2j_zTRcY0/WH5UAQxWu4I/AAAAAAAAXcs/tyN9Pr67CysiEDxvic6xCgr_Xz38uaulQCK4B/s1600/20100115_001.jpg" imageanchor="1"><img border="0" height="240" src="https://4.bp.blogspot.com/-hO2j_zTRcY0/WH5UAQxWu4I/AAAAAAAAXcs/tyN9Pr67CysiEDxvic6xCgr_Xz38uaulQCK4B/s320/20100115_001.jpg" width="320" /></a><br />
<br />
Since then, a lot has changed. But the people who started building a self-hosted, privacy protecting alternative in 2010 and 2011 are still on it! In 2011, a first meetup was held, and the 5 participants at that meetup recently got on stage at the Nextcloud conference to recall some good memories:<br />
<br />
<iframe width="100%" height="600" src="https://www.youtube.com/embed/4W5IPGi29kg" frameborder="0" allowfullscreen></iframe><br />
<br />
Of course, today we continue the work at Nextcloud, that just yesterday published its latest <a href="https://nextcloud.com/blog/nextcloud-bugfix-and-security-updates/">bugfix- and security update.</a> It is great to see so many people have stuck with us for all these years - just this month, the KDE sysadmins migrated their ownCloud instance to Nextcloud!<br />
<br />
We'll keep up the good work and you're welcome to join, either if you're <a href="https://nextcloud.com/jobs">looking for a job</a> or <a href="https://github.com/nextcloud">just want to code.</a> In both cases I can promise you: working with such a motivated, dedicated, professional team is just plain amazing.<br />
<br />
<a href="https://nextcloud.com/blog/congratulations-owncloud/">I also published a blog on our Nextcloud blog about this milestone.</a><br />
<br />
EDIT: By the way - there's a <a href="https://www.meetup.com/nextcloud-berlin/events/236650943/">meetup tonight in C-Base, B'lin, 19:00</a> - would be fun to drink a beer on ownCloud's birthday and talk about the future! Join! It will be at least until 10 or so, so if you can't be there before then - still come! ;-)<br />
</div>Jos Poortvliethttp://www.blogger.com/profile/05243886270488333877noreply@blogger.com0Berlin, Germany52.520006599999988 13.40495399999997552.21073109999999 12.759506999999974 52.829282099999986 14.050400999999976tag:blogger.com,1999:blog-12366865.post-21153537601371990372016-12-12T21:19:00.000+01:002016-12-12T21:19:05.524+01:00Wednesday: Release Party in Berlin!<div dir="ltr" style="text-align: left;" trbidi="on">
<div style="font-family: "Graphik Meetup", helvetica, arial, sans-serif; font-size: 16px; margin-bottom: 16px; padding: 0px;">
On wednesday is our Nextcloud meetup and - Nextcloud 11 will be released, so let's make it a release party! Bring some snacks if you like, let's drink a beer or two, get our servers upgraded perhaps.</div>
<div style="font-family: "Graphik Meetup", helvetica, arial, sans-serif; font-size: 16px; margin-bottom: 16px; padding: 0px;">
See and RSVP here:</div>
<div style="font-family: "Graphik Meetup", helvetica, arial, sans-serif; font-size: 16px; margin-bottom: 16px; padding: 0px;">
<a _mce_href="https://www.meetup.com/nextcloud-berlin/events/235596178/" href="https://www.meetup.com/nextcloud-berlin/events/235596178/" style="color: #1f24cc; cursor: pointer; display: inline; text-decoration: none;">https://www.meetup.com/nextcloud-berlin/events/235596178/</a></div>
<div style="font-family: "Graphik Meetup", helvetica, arial, sans-serif; font-size: 16px; margin-bottom: 16px; padding: 0px;">
<span style="font-weight: 600;">When</span>: Wednesday, December 14, 2016 7:00 PM</div>
<div style="font-family: "Graphik Meetup", helvetica, arial, sans-serif; font-size: 16px; margin-bottom: 16px; padding: 0px;">
<span style="font-weight: 600;">Where</span>: C-Base, RungestraĆe 20, 10179 Berlin</div>
<div style="font-family: "Graphik Meetup", helvetica, arial, sans-serif; font-size: 16px; margin-bottom: 16px; padding: 0px;">
We're in the main room. C-Base is at the river, all the way to the end from the street. You're there if you get geeky tingles from the murals :D</div>
<div style="font-family: "Graphik Meetup", helvetica, arial, sans-serif; font-size: 16px; margin-bottom: 16px; padding: 0px;">
I look forward to seeing you there, everyone's invited! That includes KDE friends, by the way, would be fun to see the bunch of you! You can RSVP in the comments here or on meetup.com...</div>
<div style="font-family: "Graphik Meetup", helvetica, arial, sans-serif; font-size: 16px; margin-bottom: 16px; padding: 0px;">
<br /></div>
<div style="font-family: "Graphik Meetup", helvetica, arial, sans-serif; font-size: 16px; margin-bottom: 16px; padding: 0px;">
CU there!</div>
</div>
Jos Poortvliethttp://www.blogger.com/profile/05243886270488333877noreply@blogger.com0tag:blogger.com,1999:blog-12366865.post-60758320089913095102016-11-25T18:33:00.000+01:002016-11-27T20:54:59.012+01:003 alternative reasons why you should test Nextcloud 11 Beta<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
</div>
On the Nextcloud blog I just published <a href="https://nextcloud.com/?p=1206" target="_blank">about the beta for Nextcloud 11</a>. The release will deliver many improvements and is worth checking out in itself, plus I put a nice clickbait-style title and gave three reasons to test it.<br />
<br />
But I actually have some more reasons to test. You see, Nextcloud is one of the tools we need to keep our democracy working. As Frank notes on <a href="http://karlitschek.de/" target="_blank">his home page</a>:<br />
<blockquote class="tr_bq">
"Privacy is the foundation of democracy"</blockquote>
And he is completely right. So, here are three different reasons why you should test (and help improve) Nextcloud:<br />
<br />
<h3 style="text-align: left;">
1. The USA is making a massive swing towards even more spying</h3>
Obama has done nothing to curb the growth of the NSA and the scope of its operations. <a href="http://www.vocativ.com/318400/us-secret-laws/" target="_blank">Secret laws spiked under his watch.</a> Many of the folks about to be put in power by President-elect Trump favor more spying, including on US citizens, expansion of the NSA, a crackdown on whistleblowers and more. <a href="http://arstechnica.com/tech-policy/2016/11/trumps-pick-for-cia-director-has-called-for-snowdens-execution/" target="_blank">Trump's pick for CIA director calls for Snowden's execution</a>. For what I can only guess must be giving proof of illegal government spying to dangerous terrorists like the Washington Post and the Guardian, who proceeded to win a Pulitzer prize by disclosing this information irresponsibly to the US public.<br />
<br />
In general, as somebody who <a href="http://www.businessinsider.de/james-mattis-trump-torture-2016-11" target="_blank">changes his stance on hugely important and complicated issues like torture in under an hour</a>, it is impossible to predict what Trump will do with the most powerful spying agency in the world under his control, but his appreciation for dictatorial figures like Kim Jong Il and Putin gives plenty cause for concern.<br />
<br />
<h3 style="text-align: left;">
2. Britain isn't doing much better</h3>
I <a href="http://blog.jospoortvliet.com/2016/11/brittains-snoopers-charter-threatens.html" target="_blank">wrote about the Snoopers' charter</a> just some days ago - this piece of legislation goes further than any earlier piece of spying law. It allows not only passive spying but also actively hacking devices from citizens.<br />
<br />
<h3 style="text-align: left;">
3. Nor is Europe</h3>
The UK is not alone. Since Snowden, Europe has complained a bit about the NSA but seems to <a href="http://www.nytimes.com/2015/10/28/opinion/europe-is-spying-on-you-mass-surveillance.html" target="_blank">simply follow suit</a>, rather than doing anything about it. Germany is even introducing a bill that will <a href="http://www.dailysabah.com/europe/2016/08/05/rsf-calls-on-germany-to-stop-bill-allowing-bnd-to-spy-on-foreign-journalists" target="_blank">allow spying on foreign journalists.</a><br />
<br />
<h3 style="text-align: left;">
Help out!</h3>
So, how can you help? Well, <a href="https://nextcloud.com/?p=1206" target="_blank">test Nextcloud 11 Beta</a>, obviously. Help others to use it, get them involved. But it goes beyond Nextcloud - promote the use of and help improve tools like Tor, Signal and others, or democracy is screwed.<br />
<br />
Edit: updated the blog </div>
Jos Poortvliethttp://www.blogger.com/profile/05243886270488333877noreply@blogger.com0tag:blogger.com,1999:blog-12366865.post-3606589874054983792016-11-22T18:16:00.002+01:002016-11-22T18:16:58.074+01:00Brittainās Snoopers charter threatens your privacy<div dir="ltr" style="text-align: left;" trbidi="on">
<table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: right; margin-left: 1em; text-align: right;"><tbody>
<tr><td style="text-align: center;"><a href="https://nextcloud.com/media/camera-head-man-uk-300x217.jpg" imageanchor="1" style="clear: right; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" src="https://nextcloud.com/media/camera-head-man-uk-300x217.jpg" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">pic from the ZDNet article</td></tr>
</tbody></table>
The United Kingdom this week passed the so called Snoopers Charter, a <a href="http://www.zdnet.com/article/snoopers-charter-expansive-new-spying-powers-becomes-law/" target="_blank">law which forces UK internet providers to store the browsing history of UK citizens for a full year</a>. You, your family, visitors or any devices in your household which have been hacked (<a href="http://www.wired.co.uk/article/ip-bill-law-details-passed" target="_blank">the government is now allowed to do that, by the way</a>) better not visit anything bad as the government can get their hands on this data quite easily. What does this mean and what can you do?<br />
<br />
<h2>
An attack on privacy</h2>
There is a global siege on privacy. Governments all over the world have introduced legislation (<a href="http://www.nytimes.com/2016/10/18/opinion/the-governments-addiction-to-secret-law.html" target="_blank">sometimes secret</a>) which forces email, internet or data storage providers to track what you do and make that data available to their governments. This, of course, also means third parties who gain access to the storage systems can see and abuse it. And because so many of us have put so much of our data at just a few providers, we're at great risk as events like last week's shutdown of <a href="https://nextcloud.com/?p=1194" target="_blank">hundreds of Google accounts did show</a>.<br />
<br />
While Google, Dropbox and others lure customers in with 'free' data storage and great online services, governments benefit from centralized data storages as it makes it easy for them to hack in or demand data from these companies.<br />
<br />
<h2>
Why this surveillance?</h2>
While governments usually claim they need access to this data to find terrorists or child pornography, experts point out that it will not be helpful at all. As <a href="http://www.newyorker.com/magazine/2015/01/26/whole-haystack" target="_blank">multiple</a> <a href="https://www.theguardian.com/commentisfree/2014/nov/28/bigger-haystack-harder-terrorist-communication-future-attacks" target="_blank">experts</a> (<a href="https://theintercept.com/2015/05/28/nsa-officials-privately-criticize-collect-it-all-surveillance/" target="_blank">even internally</a>) put it, <strong>growing the haystack makes it harder to find the needle</strong>. Intelligence agencies are swamped with data and nearly every terrorist attack in western states over the last decade took place despite the agencies having all information they would have needed to prevent it. The Paris attackers, for example, <a href="https://www.techdirt.com/articles/20151118/08474732854/after-endless-demonization-encryption-police-find-paris-attackers-coordinated-via-unencrypted-sms.shtml" target="_blank">coordinated their attack using plain SMS messages</a>. The Guardian thus rightly <a href="https://www.theguardian.com/commentisfree/2015/nov/20/paris-attacks-political-agenda-immigration-encryption-surveillence">points out</a> that:<br />
<blockquote>
"Paris is being used to justify agendas that had nothing to do with the attack"</blockquote>
which has become a familiar refrain after nearly every terrorist attack.<br />
<br />
Indeed, we all know the argument <em>But you have nothing to hide, do you?</em> and indeed, we probably don't. But some people do, so they'll try to avoid being seen. That being illegal won't change their behavior...<br />
<br />
And as Phill Zimmermann, the inventor of the PGP encryption pointed out:<br />
<blockquote>
"When privacy is outlawed, only outlaws will have privacy"</blockquote>
<br />
<h2>
So not terrorists. Then what?</h2>
Experts agree that the vast majority of these surveillance and anti-privacy laws have little or no effect on real criminals. The crime syndicates, corrupt politicians and large corporations evading taxes and anti-trust/health/environmental laws, they DO have <b>something to hide</b>, and thus they would use encryption or avoid surveilled communication methods even if it were outlawed.<br />
<br />
However, ordinary citizens, including grass-roots local activists, charitable organizations, journalists and others, who <strong>DO</strong> have nothing to hide, would be surveilled closely. And with that information, the real criminals mentioned earlier - crime syndicates, corporations or corrupt politicians - would have weapons in hand to keep these citizens from bothering them. Whistle blowers can be found out and killed (<a href="http://www.thedailybeast.com/articles/2014/10/21/she-tweeted-against-the-mexican-cartels-they-tweeted-her-murder.html" target="_blank">like in Mexico</a>), journalists can be harassed and charged for trivial transgressions (<a href="http://www.wdaz.com/news/north-dakota/4112656-reporter-who-documented-guard-dogs-charged-trespassing-pipeline-protest" target="_blank">like was recently done at the US pipeline protest</a>) and charities can be extorted.<br />
<br />
<h2>
What can we do?</h2>
Luckily, there are initiatives like the <a href="http://cyberlaw.stanford.edu/our-work/projects/crypto-policy-project" target="_blank">Stanford Law Schools' Crypto Policy Project</a> which aim to train, for example, journalists in the use of encryption. Tools and initiatives like <a href="https://whispersystems.org/" target="_blank">Signal</a>, PGP email encryption, <a href="http://letsencrypt.org/" target="_blank">Let's Encrypt</a> and <a href="https://nextcloud.com/">Nextcloud</a> provide the ability for users to protect themselves and their loved ones from surveillance. More importantly, these at the same time making it harder and more costly to conduct mass surveillance.<br />
<br />
There is nothing wrong with governments targeting criminals with surveillance but just vacuuming up all data of all citizens that might, some day, be used is a massive risk for our democracy. We all have a responsibility to decentralize and use tools to protect our privacy so those who need it (press, activists and others) have a place to hide.</div>
Jos Poortvliethttp://www.blogger.com/profile/05243886270488333877noreply@blogger.com0tag:blogger.com,1999:blog-12366865.post-50551833118311162912016-09-29T11:43:00.001+02:002016-09-29T12:09:26.526+02:00Get started with Nextcloud App development in 6 easy steps!<div dir="ltr" style="text-align: left;" trbidi="on"><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://3.bp.blogspot.com/-aLXxRWe2Wvw/V-zhS1s4pNI/AAAAAAAAXKY/fr03JGAfDSokAM3UjVq1kATpPf2nKWgHQCLcB/s1600/Screenshot_20160928_234225.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="398" src="https://3.bp.blogspot.com/-aLXxRWe2Wvw/V-zhS1s4pNI/AAAAAAAAXKY/fr03JGAfDSokAM3UjVq1kATpPf2nKWgHQCLcB/s640/Screenshot_20160928_234225.png" width="640" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">The brand new app scaffolding tool in our app store</td></tr>
</tbody></table>Last night, Bernhard Posselt finished <a href="https://apps.nextcloud.com/developer/apps/generate">the app scaffold tool in the app store</a>, making it easy to get up and running with app development. I was asked on twitter to blog about setting up a development environment, so... here goes.<br />
<br />
What's simpler than downloading a zip file, extracting it and running a command in the resulting folder to get an Nextcloud server up on <code>localhost</code> for hacking?<br />
<br />
Yes, it can be that simple, though it might require a few minor tweaks and you have to make sure to have all Nextcloud dependencies installed.<br />
<br />
Note that this is useful if you want to develop an Nextcloud app. If you want to develop on the Nextcloud core, a git checkout is the way to go and you'll need some extra steps to get the dependencies in place, <a href="https://docs.nextcloud.com/server/10.0/developer_manual/core/index.html" target="_blank">get started here</a>. Feedback on this process is highly appreciated, especially if it comes with a <a href="https://github.com/nextcloud/documentation">pull request for our documentation</a> of course ;-)<br />
<br />
<h2>Step 1 and Two: Dependencies</h2><ul style="text-align: left;"><li>Install PHP and <a href="https://docs.nextcloud.com/server/10/admin_manual/installation/source_installation.html#prerequisites-label" target="_blank">the modules mentioned here</a><br />
Your distro should make the installation easy. Try these:<br />
<ul style="text-align: left;"><li><b>openSUSE</b>: <code>zypper in php5 php5-ctype php5-curl php5-dom php5-fileinfo php5-gd php5-iconv php5-json php5-ldap php5-mbstring php5-openssl php5-pdo php5-pear php5-posix php5-sqlite php5-tokenizer php5-xmlreader php5-xmlwriter php5-zip php5-zlib</code></li>
<li><b>Debian</b>: <code>apt-get install php5 php5-json php5-gd php5-sqlite curl libcurl3 libcurl3-dev php5-curl php5-common php-xml-parser php5-ldap bzip2 </code></li>
</ul></li>
<li>Make Nextcloud session management work under your own user account.<br />
Either <a href="http://php.net/manual/en/function.session-save-path.php" target="_blank">change the path of php session files</a> or <code>chmod 777</code> the folder they are in, usually something like <code>/var/lib/php</code> (debian/SUSE) or <code>/var/lib/php/session</code> (Red Hat).</li>
</ul><br />
<h2>The Final Four Steps</h2><ul style="text-align: left;"><li>Download the <a href="https://nextcloud.com/install" target="_blank">latest Nextcloud zip file</a>.</li>
<li>Extract it in a folder where you want to get going.</li>
<li>Enter the folder and execute: <code>php -S localhost:5000</code></li>
<li>Visit <a href="http://localhost:5000/">http://localhost:5000</a> in your browser</li>
</ul><br />
Nextcloud should present you with its installation steps! Give your username and password and you're up and running with SQLite.<br />
<br />
<h2>Start with the app</h2>Now you create a subfolder in the nextcloud/apps with the name of your app and put in a skeleton. You can generate an app skeleton really easy: <a href="https://apps.nextcloud.com/developer/apps/generate">use the scaffolding tool</a>, part of our new app store for Nextcloud 11!<br />
<br />
It's probably wise to now get going with the <a href="https://docs.nextcloud.com/server/10.0/developer_manual/app/tutorial.html" target="_blank">app development tutorial here</a>. This isn't updated for the scaffolding tool yet, so you'll have a head start here. Be sure to check out <a href="https://docs.nextcloud.com/server/10.0/developer_manual/app/changelog.html" target="_blank">the changelog</a>, we try to make sure the latest changes are noted there so even if we didn't manage to fully update the tutorial, you can find out what will and won't work in the changelog. Also, be sure to update the links to get the latest dev doc - this all links to 11, once that is out it is probably better to directly target 12 and so on.<br />
<br />
<h2>Help and feedback</h2>Your input is very much welcome! If you run through these steps and get stuck somewhere, let me know and I'll update the documentation. Or, of course better still, do a <a href="https://github.com/nextcloud/documentation" target="_blank">pull request on the documentation right in github</a>. You don't even have to do a full checkout, smaller fixes can easily be done in the web interface on github.<br />
<br />
Last but not least, ask questions <a href="https://help.nextcloud.com/c/dev/app-dev">on our forums in the app dev channel</a> or on IRC. Here is <a href="irc://#nextcloud-dev@freenode.net" target="_blank">the Nextloud development IRC chat channel</a> on freenode.net, also accessible via <a href="https://webchat.freenode.net/?channels=nextcloud-dev" target="_blank">webchat</a>.<br />
<br />
Thanks, good luck, and have fun building Nextcloud apps!</div>Jos Poortvliethttp://www.blogger.com/profile/05243886270488333877noreply@blogger.com0tag:blogger.com,1999:blog-12366865.post-47644059270810224152016-09-05T16:35:00.001+02:002016-09-05T20:00:06.040+02:00Akonadi/KMail issues on Tumbleweed?<div dir="ltr" style="text-align: left;" trbidi="on">So if you, like me, have experienced how smoothly Akonadi deals with crashes and think it is still annoying, there's a solution. The problem is caused by Xapian which creates some nice backtraces but until it is fixed you are stuck with a crash every ~minute.<br />
<br />
The solution is in <a href="https://lists.opensuse.org/opensuse-factory/2016-08/msg00370.html" target="_blank">this email</a> from Christian Boltz:<br />
<code><br />
I created a repo with the previous version of libxapian, and akonadi-* and baloo linkpac'd from Factory (so rebuilt against the old libxapian): <a href="https://build.opensuse.org/project/show/home:cboltz:branches:openSUSE:Factory">https://build.opensuse.org/project/show/home:cboltz:branches:openSUSE:Factory</a><br />
<br />
Packages at <a href="http://download.opensuse.org/repositories/home:/cboltz:/branches:/openSUSE:/Factory/standard/">http://download.opensuse.org/repositories/home:/cboltz:/branches:/openSUSE:/Factory/standard/</a><br />
<br />
Since I installed these packages (using zypper dup --from), I didn't see any akonadi crashes.<br />
<br />
If someone wants to use the fixed packages _now_: I'll keep the repo as long as it's useful for me ;-) -> this is clearly caused by the libxapian update (libxapian22 -> libxapian30) </code><br />
<br />
In other words, you fix it this way:<br />
<code><br />
zypper ar http://download.opensuse.org/repositories/home:/cboltz:/branches:/openSUSE:/Factory/standard akonadi-fix<br />
zypper ref<br />
zypper lr<br />
</code>Now find the number of the new repository (akonadi-fix) and:<br />
<code>zypper dup --from 4</code><br />
(where 4 is the number of the repo in my case).<br />
<br />
Then OK the result and done, the mail client which, despite all its issues, continues to be the only one I can stand working with is smooth sailing again ;-)<br />
<br />
Oh, to fix the mess Xapian made of the database, you probably should stop akonadi and remove the search DB, it will get re-indexed:<br />
<code>akonadictl stop<br />
rm -rf ~/.local/share/akonadi/search_db<br />
rm ~/.config/.baloorc<br />
akonadictl start<br />
</code><br />
<br />
Greetings from <a href="https://akademy.kde.org/">#Akademy2016</a> by the way!<br />
</div>Jos Poortvliethttp://www.blogger.com/profile/05243886270488333877noreply@blogger.com0tag:blogger.com,1999:blog-12366865.post-78139559288138597692016-09-02T13:22:00.000+02:002017-10-19T10:28:06.030+02:00Kickstarting conversations with lightning talks.<div dir="ltr" style="text-align: left;" trbidi="on"><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-fmz_31XkMC4/V8lbDMxk7tI/AAAAAAAAXBE/tnw7P-YD2wEIuT7W7zEFzDuRUdEzdkbkwCLcB/s1600/c5de4d123454c2a83ec9a49b7a41cce47744469d%2B%25281%2529.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="212" src="https://1.bp.blogspot.com/-fmz_31XkMC4/V8lbDMxk7tI/AAAAAAAAXBE/tnw7P-YD2wEIuT7W7zEFzDuRUdEzdkbkwCLcB/s320/c5de4d123454c2a83ec9a49b7a41cce47744469d%2B%25281%2529.png" width="320" /></a></div>A lot of people are coming to the <a href="https://conf.nextcloud.com/" target="_blank">Nextcloud conference</a> to discuss ideas they have with others and I've been telling them to submit a lightning talk. As that is the idea of the lightning track on Saturday and Sunday: present yourself and the project you (want to) work on, inspire, share ideas. That way, others can then find you and talk to you afterward!<br />
<br />
Last year I wrote a longer <a href="https://opensource.com/life/15/10/how-to-plan-lightning-talks" target="_blank">article about that</a> on opensource.com, but this is the gist of it: <b>it is a conversation kickstarter</b>! Our event is very hands-on (<a href="https://conf.nextcloud.com/" target="_blank">bring your laptop</a>, we say!) and the program is mostly there to facilitate the natural flow of ideas and code.<br />
<br />
So we have three kinds of sessions:<br />
<br />
<ul style="text-align: left;"><li><b>Keynote</b> = inspiration. Everyone joints to listen to a fascinating story! <a href="https://nextcloud.com/nextcloud-conference-keynote-speakers-and-launch-event/" target="_blank">Our keynote speakers are Karen and Jane</a>.</li>
<li><b>Lightning talks</b> = sharing. Everyone in one room listens to what others are thinking about, working on or inspired by. Then, after, you look each other up and start talking and doing! Think 'unconference'.</li>
<li><b>Workshops</b> = learning and collaborating. They're coding, interactive, either teaching/learning or more "let's work on X for an hour together".</li>
</ul><br />
The event starts in two weeks at the TU Berlin: September 16-23 so it is time to book your trip. If you care about open source, privacy-protecting cloud services it is a great place to find like-minded folks!<br />
<h2 style="text-align: left;"><a href="https://nextcloud.com/conf" imageanchor="1" ><img border="0" src="https://raw.githubusercontent.com/nextcloud/promo/8dbb6978d22761589b012ec440d8ab11cc9bb46f/conference/conference-social-media-banner.png" /></a><br />
What's coming?</h2><br />
Besides the <a href="https://nextcloud.com/nextcloud-conference-keynote-speakers-and-launch-event/" target="_blank">keynotes</a> by Karen Sandler (Managing DIrector at SFC) and Jane Silber (CEO of Canonical) We have some 30 sessions already submitted, just a selection:<br />
<br />
<ul style="text-align: left;"><li><a href="https://conf.nextcloud.com/conference/NextcloudConference2016/program/proposal/5" target="_blank">Nextcloud Security</a> by Lukas Reschke</li>
<li><a href="https://conf.nextcloud.com/conference/NextcloudConference2016/program/proposal/3" target="_blank">Enterprise grade two factor authentication with Nextcloud</a> by Cornelius Kƶlbel</li>
<li><a href="https://conf.nextcloud.com/conference/NextcloudConference2016/program/proposal/10" target="_blank">Upcoming features of Android Nextcloud</a> by Tobias Kaminsky</li>
<li><a href="https://conf.nextcloud.com/conference/NextcloudConference2016/program/proposal/12" target="_blank">Nextcloud Scalability with a concept design for 10.000 users</a> by Dennis Pennings (<a href="https://nextcloud.com/friday-focus-enterprise-use-of-nextcloud-at-the-conference/" target="_blank">Friday program</a>!)</li>
<li><a href="https://conf.nextcloud.com/conference/NextcloudConference2016/program/proposal/15" target="_blank">Installing NextCloud with SSL/TLS in less than 5 minutes on UBOS</a> by Johannes Ernst</li>
<li><a href="https://conf.nextcloud.com/conference/NextcloudConference2016/program/proposal/21" target="_blank">MySQL Database Scalability</a> by Oli Sennhauser (<a href="https://nextcloud.com/friday-focus-enterprise-use-of-nextcloud-at-the-conference/" target="_blank">Friday program</a>!)</li>
<li><a href="https://conf.nextcloud.com/conference/NextcloudConference2016/program/proposal/23" target="_blank">Next generation of federation</a> by Bjƶrn SchieĆle (<a href="https://nextcloud.com/friday-focus-enterprise-use-of-nextcloud-at-the-conference/" target="_blank">Friday program</a>!)</li>
<li><a href="https://conf.nextcloud.com/conference/NextcloudConference2016/program/proposal/33" target="_blank">Theming your Nextcloud</a> by Julius Haertl</li>
<li><a href="https://conf.nextcloud.com/conference/NextcloudConference2016/program/proposal/35" target="_blank">Collabora Online</a> by Michael Meeks</li>
<li><a href="https://conf.nextcloud.com/conference/NextcloudConference2016/program/proposal/36" target="_blank">Performance Testing at Nextcloud</a> by Morris Jobke</li>
</ul><br />
More still coming, I know Cornelius Schumacher wanted to talk about the importance of privacy-protecting cloud services (if his family can miss him for the weekend...) and I still have some other talks to approve in the queue.<br />
The gist of it is that we'll have a lot of technical people, the folks who wrote Nextcloud as well as many others who contributed and have been using it, from home users to enterprise and educational or government agencies - all together to discuss and work on where our technology is going.<br />
<br />
Oh, and we have a surprise on Friday afternoon. ;-)<br />
<br />
<a href="https://conf.nextcloud.com/" target="_blank">Check it out</a> and see you there!<br />
</div>Jos Poortvliethttp://www.blogger.com/profile/05243886270488333877noreply@blogger.com0tag:blogger.com,1999:blog-12366865.post-50259625963642179092016-08-25T13:21:00.002+02:002016-08-25T13:21:58.559+02:00Latest attacks on privacy...<div dir="ltr" style="text-align: left;" trbidi="on">
With the EU (in this case France and Germany) gearing up for <a href="http://www.theverge.com/2016/8/24/12621834/france-germany-encryption-terorrism-eu-telegram">another attack on privacy</a> I'm quite happy and proud to have been part of the <a href="https://nextcloud.com/secure-monitor-and-control-your-data-with-nextcloud-10-get-it-now/">release of Nextcloud 10!</a><br />
<br />
<h2>
Privacy</h2>
It is the usual story: we should disallow companies from using perfect end to end encryption and force them to insert backdoors against <strong>terrorists</strong>.<br />
<br />
Not that it would help - that's been discussed extensively already but in short:<br />
<ul>
<li>If you have nothing to hide, you'll use a backdoored app and you're vulnerable to foreign (and your own) governments, terrorists (!), criminals and others who can abuse your data in more ways than you can imagine.</li>
<li>If you have something to hide, you can use 1000 different tools to do so and there is nothing government can do about that so you won't use a backdoored app.</li>
<li>And note that government has failed to even use fully <strong>un</strong>encrypted information to stop terrorist attacks so perhaps we should first see if they can actually get their act together there.</li>
</ul>
Now yes, backdooring all commonly used encryption apps will help a BIT, essentially only with the low level, common crime. So you might catch the dude who broke into your house and bragged about it to his friends over Whatsapp. You won't catch the terrorists plotting with Al Qaida (or whatever the terrorist organization du-jour) to blow up a train because they can simply get one of the many solutions out there to protect themselves.<br />
<br />
Nor will you catch corrupt politicians or big companies doing nasty stuff, though I am quite certain the laws will be written in such a way that you can use them to go after people who actually try to <strong>expose</strong> such politicians or companies.<br />
<br />
And I'm also quite certain companies will use this as an excuse to not implement proper protection in their products so you can continue to <a href="http://www.forbes.com/sites/singularity/2012/12/06/yes-you-can-hack-a-pacemaker-and-other-medical-devices-too/#25f4f7a813e0">stop pacemakers remotely</a> or <a href="https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/">disable the brakes in cars over the internet</a>.<br />
<br />
Generally, laws targeting encryption and terrorism do more to harm whistleblowing than terrorism and are thus promoting corruption and bad, unsecure products.<br />
<br />
These laws will literally cost lives. Not save any.<br />
<br />
And it is <strong>exactly</strong> why Frank started ownCloud and why we continue to develop that vision at Nextcloud. And keep developing new features, like the <a href="https://nextcloud.com/file-access-control-a-firewall-for-your-private-files-in-nextcloud/">File Access Control app</a> which can provide an extra protective layer around your data. I for one certainly can use that app and exactly in the way described in that blog! So much for <i>'enterprise only features'</i>.<br />
<a href="https://nextcloud.com/wp-content/themes/next/assets/img/features/FileAccessControl-at-home.png?b5c7ea" imageanchor="1"><img border="0" height="269" src="https://nextcloud.com/wp-content/themes/next/assets/img/features/FileAccessControl-at-home.png?b5c7ea" width="640" /></a><br />
<br />
Get it <a href="http://blog.jospoortvliet.com/2016/06/migrating-to-nextcloud-9.html" target="_blank">and migrate</a> today. You and your data deserve it!</div>
Jos Poortvliethttp://www.blogger.com/profile/05243886270488333877noreply@blogger.com0tag:blogger.com,1999:blog-12366865.post-23904921534161870662016-08-17T21:03:00.000+02:002016-08-17T21:03:37.083+02:00FrOSCon and the future of private clouds<div class="separator" style="clear: both; text-align: center;"><a href="https://2.bp.blogspot.com/-N-NB9-TDOhc/V7LuKZo7YvI/AAAAAAAAW9A/5yPmckcK6hYYylA8zKt0fggdCrJk4rwLgCLcB/s1600/froscon_logo.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" src="https://2.bp.blogspot.com/-N-NB9-TDOhc/V7LuKZo7YvI/AAAAAAAAW9A/5yPmckcK6hYYylA8zKt0fggdCrJk4rwLgCLcB/s1600/froscon_logo.png" /></a></div><div dir="ltr" style="text-align: left;" trbidi="on">This Saturday I'll <a href="https://programm.froscon.de/2016/events/1815.html" target="_blank">talk at FrOSConabout</a> the future of private clouds and how Nextcloud is pushing that.<br />
<br />
Frank won't make it, sadly, as he's in Denmark speaking at another event. Or somewhere else, his travel is a bit crazy lately ;-)<br />
<br />
<h2>Future of private clouds</h2>Frank blogged last week about <a href="http://karlitschek.de/2016/08/a-vision-for-nextcloud/" target="_blank">a vision for Nextcloud</a> and we've been thinking and discussing this at our <a href="https://nextcloud.com/hackweek-30-participants-roadmaps-app-store-and-more/">hackweek with about 30 community members as well</a>. It was quite amazing to bring so many people together and discuss these things!<br />
<br />
Afterwards we've brought most of the topics to our forums or github, including our <a href="https://github.com/nextcloud/server/issues/745">ambitious Nextcloud 11 roadmap</a>. I'll certainly talk about some of those things this weekend at FrOSCon:<br />
<ul> <li>Communication integration</li>
<li>New app store</li>
<li>New updater</li>
<li>Federation</li>
</ul>And more. Today or tomorrow we'll release a RC of Nextcloud 10 and I'll discuss what we've done there as well, what is new and improved, small and big.<br />
<br />
If you like to get involved in the 'future', join us at <a href="http://conf.nextcloud.com">our conference</a>!</div>Jos Poortvliethttp://www.blogger.com/profile/05243886270488333877noreply@blogger.com0tag:blogger.com,1999:blog-12366865.post-77634199040636794172016-06-16T11:45:00.001+02:002016-08-29T12:04:59.676+02:00Migrating to Nextcloud 9<div dir="ltr" style="text-align: left;" trbidi="on">
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-ZaVSfM7FdTE/V2J2Bx-a95I/AAAAAAAAW1s/6oL5oK1VBOYsZ8RG5Xz9y3--kVjOVLIDACLcB/s1600/Screenshot_20160616_114834.png" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="260" src="https://2.bp.blogspot.com/-ZaVSfM7FdTE/V2J2Bx-a95I/AAAAAAAAW1s/6oL5oK1VBOYsZ8RG5Xz9y3--kVjOVLIDACLcB/s1600/Screenshot_20160616_114834.png" width="390" /></a></div>
Now that Nextcloud 9 is out, many users are already interested in migration so I'd like to address the why and how in this blog post.<br />
<br />
<i>Edit</i>: <a href="https://nextcloud.com/secure-monitor-and-control-your-data-with-nextcloud-10-get-it-now/" target="_blank">Nextcloud 10 is out</a> with loads of unique features. We now also have a client! You can find out about <a href="https://help.nextcloud.com/t/copy-the-owncloud-sync-client-configuration-when-switching-to-the-nextcloud-client/2537" target="_blank">client account migration here</a>.<br />
<br />
<h2>
Why migrate</h2>
Let's start with the why. First, you don't <strong>have</strong> to migrate yet. This release as well as at least the upcoming releases of own- and Nextcloud will be compatible so you'll be able to migrate between them in the future. We don't want to break compatibility if we can avoid it!<br />
<br />
Of course, right now Nextcloud 9 has some extra features and fixes and future releases will introduce other capabilities. With regards to security, we have <a href="https://statuscode.ch/2016/06/security-and-nextcloud-9/" target="_blank">Lukas Reschke</a> working for us. However, we promise that for the foreseeable future we will continue to report all security issues we find to upstream in advance of any release we do. That means well ahead of our usual public disclosure policy, so security doesn't have to be a reason for people to move.<br />
<br />
<i>Edit</i>: <a href="https://nextcloud.com/secure-monitor-and-control-your-data-with-nextcloud-10-get-it-now/" target="_blank">Nextcloud 10</a> comes with far more features on top of this. For Nextcloud 11 we have a ambitious road map already but we'll still enable migration from ownCloud 9.1 to Nextcloud 11 so you can migrate at your leisure!<br />
<h2>
Migration overview</h2>
If you've decided to migrate there are a number of steps to go through:<br />
<ul style="text-align: left;">
<li>Make sure you have everything set up properly and do a backup</li>
<li>Move the old ownCloud install, preserving data and config</li>
<li>Extract Nextcloud, correct permissions and put back data and config</li>
<li>Switch data and config</li>
<li>Trigger the update via command line or the web UI</li>
</ul>
Note that we don't offer packages. This has been just too problematic in the past and while we might offer some for enterprise distributions, we hope to work together with distributions to create packages for Nextcloud 9 and newer releases. Once that is done we will of course link to those on our installation page.<br />
<br />
There are other great resources besides this blog, especially <a href="https://help.nextcloud.com/t/migrating-from-owncloud-to-nextcloud/551/23">this awesome post on our forums</a> which gives a great and even more detailed overview of a migration with an Ubuntu/NGINX/PHP7/MariaDB setup.<br />
<br />
<i>Edit</i>: With regard to packages, there are now packages for CentOS and Fedora and other distributions will likely follow soon. See our <a href="https://github.com/nextcloud/server-packages" target="_blank">packages repository</a> if you want to help!<br />
<br />
<h3>
Preparation</h3>
First, let's check if you're set up properly. Make sure:<br />
<ul style="text-align: left;">
<li>You are on ownCloud 8.2.3 or later</li>
<li>Make sure you have <a href="https://docs.nextcloud.org/server/9/admin_manual/installation/system_requirements.html" target="_blank">all dependencies</a></li>
<li>Your favorite apps are compatible (with ownCloud 9), you can check this by visiting the app store at apps.owncloud.com</li>
<li>You made <a href="https://docs.nextcloud.org/server/9/admin_manual/maintenance/backup.html" target="_blank">a backup</a></li>
</ul>
Once that's all done, time to move to the next step: cleaning out the old files.<br />
<br />
<h3>
Removing old files</h3>
In this step, we'll move the existing installation preserving the data and configuration.<br />
<ul style="text-align: left;">
<li>Put your server in maintenance mode. Go to the folder ownCloud is installed in and execute <code>sudo -u www-data php occ maintenance:mode --on</code> (www-data has to be your HTTP user). You can also edit your <code>config.php</code> file and changing <code>'maintenance' => false</code>, to <code>'maintenance' => true,</code>.</li>
<li>Now move the data and config folder out of the way. Best to go to your webserver folder (something like <code>/var/www/htdocs/</code> and do a <code>mv owncloud owncloud-backup</code></li>
</ul>
<br />
<h3>
Deploying Nextcloud</h3>
Now, we will put Nextcloud in place.<br />
<ul style="text-align: left;">
<li>Grab Nextcloud <a href="https://nextcloud.com/install" target="_blank">from our download page</a> or use wget: <code>wget https://download.nextcloud.com/server/releases/nextcloud-9.0.50.zip</code></li>
<ul>
<li>Optional: you can verify if the download went correct using our MD5 code, see <a href="https://nextcloud.com/install/#instructions-server" target="_blank">this page</a>. Run <code>md5sum nextcloud-9.0.50.zip</code>. The output has to match this value: <code>5ae47c800d1f9889bd5f0075b6dbb3ba</code></li>
</ul>
<li>Now extract Nextcloud: <code>unzip nextcloud-9.0.50.zip</code> or <code>tar -xvf nextcloud-9.0.50.tar.bz2</code></li>
<li>Put the config.php file in the right spot: <code>cp owncloud-backup/config/config.php nextcloud/config/config.php</code></li>
<li>Now change the ownership of the files to that of your webserver, for example <code>chown wwwrun:www * -R</code> or <code>chown www-data *</code></li>
<li>If you keep your data/ directory in your <code>owncloud/</code> directory, copy it to your new <code>nextcloud/</code> <strong><a href="https://www.blogger.com/blogger.g?blogID=12366865#note">[*]</a></strong>. If you keep it outside of owncloud/ then you don't need to do anything as its location is in config.php.</li>
</ul>
<br />
<a href="https://www.blogger.com/null" name="note"></a><strong>* Note</strong> that if you have been upgrading your server from before ownCloud 6.0 there is a risk that moving the data directory causes issues. It is best to keep the folder with Nextcloud named 'owncloud'. This also avoids having to change all kinds of settings on the server, so it might be a wise choice in any case: rename the nextcloud folder to owncloud.<br />
<br />
<h3>
Now upgrade!</h3>
Next up is restarting the webserver and upgrading.<br />
<ul style="text-align: left;">
<li>Restart your webserver. How depends on your distribution. For example, <code>rcapache2 restart</code> on openSUSE, <code>service restart apache2</code> on Ubuntu.</li>
<li>You can now trigger the update either via OCC or via web. Command line is the most reliable solution. Run it as <code>sudo -u apache php occ upgrade</code> from the nextcloud folder. This has to run as the user of your webserver and thus can also be <code>www-data</code> or <code>www</code> for example.</li>
<li>Then, finally, turn of maintenance mode: <code>sudo -u www-data php occ maintenance:mode --off</code><br />
</li>
</ul>
<h2>
That's it!</h2>
At this point, you'll see the fresh blue of a Nextcloud server! If you encounter any issues with upgrading, discuss them <a href="https://help.nextcloud.com/">on our forums</a>.</div>
Jos Poortvliethttp://www.blogger.com/profile/05243886270488333877noreply@blogger.com0Berlin, Germany52.520006599999988 13.40495399999997552.210736099999991 12.759506999999974 52.829277099999985 14.050400999999976tag:blogger.com,1999:blog-12366865.post-89206289850570512752016-06-14T14:15:00.000+02:002016-06-14T15:16:53.599+02:00On Open Source, forking and collaboration: Nextcloud 9 is here!<div dir="ltr" style="text-align: left;" trbidi="on">The nature of Open Source is, in a sense, dualistic. It encourages collaboration through the threat of not collaborating--a fork. When I was approached by Struktur AG to join them to work on ownCloud and Spreed, I loved the idea. I always wanted an ecosystem around ownCloud, which is why I pushed things forward like our collaboration with Western Digital Labs and Collabora, matters of no business interest to the company I worked for. I believe a stronger ecosystem benefits everybody.<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://3.bp.blogspot.com/-OkdHsACZhTg/V2ADtepXhXI/AAAAAAAAW0k/W9Jt0YpN9v4VXwKrLMAcU1RhIs7lsbeawCLcB/s1600/log-in-big.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://3.bp.blogspot.com/-OkdHsACZhTg/V2ADtepXhXI/AAAAAAAAW0k/W9Jt0YpN9v4VXwKrLMAcU1RhIs7lsbeawCLcB/s640/log-in-big.jpg" /></a></div><h2>Ecosystems and confidence</h2><div style="text-align: right;"></div>A major point which makes open source so beneficial for businesses is that it puts pressure on suppliers to offer great service and support. If they don't, another can enter the market and out-service them. Tight control over the community tough things like CLA and trademark makes it hard to grow such an ecosystem and negates some of the benefits of open source for customers. <br />
<br />
Luckily, in the end, the AGPL license protects the future of a project, even if its steward clings to power. From conversations with Niels early on, it was clear to me that he has a very different and very confident view on his ability to run a real open source company. His history at Red Hat results in frequent comparisons. And indeed, Red Hat runs things the right way, even supporting a project like CentOS which many other companies would consider an existential threat to their business model. Just as their investment in <a href="https://opensource.com/">opensource.com</a> shows: <em>they aim to grow the pie, not grab a bigger slice</em>.<br />
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://2.bp.blogspot.com/-O0EXDLwkEsE/V1_6AFtMm9I/AAAAAAAAW0U/gkZRPhVlO-wz_FZGRdSf4Ch9X6A9uTP1gCLcB/s1600/files%2Bdrop.gif" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="269" src="https://2.bp.blogspot.com/-O0EXDLwkEsE/V1_6AFtMm9I/AAAAAAAAW0U/gkZRPhVlO-wz_FZGRdSf4Ch9X6A9uTP1gCLcB/s320/files%2Bdrop.gif" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">former 'enterprise feature' done right (and open)</td></tr>
</tbody></table><br />
<br />
I'm super proud and happy that we could announce today, with our first release, that Nextcloud will <a href="https://nextcloud.com/?p=377">not be doing proprietary code</a>. No closed apps means no inherent conflict between sales and community management/developers within the company, but a full alignment in one simple direction: servicing the customer.<br />
<br />
And if you wonder about the collaboration with Collabora/LibreOffice Online and with Western Digital: yes, of course, we'll go full steam ahead and will facilitate where we can! No, we're not afraid that either would 'compete' with us: both will complement and strengthen the ecosystem. So we will work together.<br />
<br />
Why? Because the core contributors and founder shared an ambitious goal for Nextcloud: be <b>THE solution for privacy and security</b>.</div>Jos Poortvliethttp://www.blogger.com/profile/05243886270488333877noreply@blogger.com0tag:blogger.com,1999:blog-12366865.post-14268862373192323782016-06-09T20:44:00.000+02:002016-06-09T20:44:13.678+02:00BBQ and forking<div dir="ltr" style="text-align: left;" trbidi="on">Last night we had our first Nextcloud BBQ! Despite some rain it's a good start of something that should be a tradition. ;-)<br />
<br />
It was great to have conversations with the contributors who visited us as well as some downtime with the team. It's been a busy time since we announced our new endeavor. And it continues to be awesome to get so many supportive comments and feedback on what we're up to! People are excited about our open strategy and appreciate the fact that there is a solid company behind it. The flood of incoming requests for information and support from customers presents a good problem. So let me point out, again, that <a href="https://nextcloud.com/jobs">we're hiring</a>!<br />
<br />
<a href="https://2.bp.blogspot.com/-br7xYNXs5to/V1m4v3E31zI/AAAAAAAAWzs/CMwizPpmfvQA0Nm9UpllMkRdIh_i_VeyQCLcB/s1600/assembly.jpg" imageanchor="1" ><img border="0" src="https://2.bp.blogspot.com/-br7xYNXs5to/V1m4v3E31zI/AAAAAAAAWzs/CMwizPpmfvQA0Nm9UpllMkRdIh_i_VeyQCLcB/s400/assembly.jpg" /></a><a href="https://4.bp.blogspot.com/-yt0T8JzUGCE/V1m4vzlMmBI/AAAAAAAAWzw/Zp3PMu0d2qgVaByO9tQuIJ2dBowzOCarwCLcB/s1600/bbq.jpg" imageanchor="1" ><img border="0" src="https://4.bp.blogspot.com/-yt0T8JzUGCE/V1m4vzlMmBI/AAAAAAAAWzw/Zp3PMu0d2qgVaByO9tQuIJ2dBowzOCarwCLcB/s400/bbq.jpg" /></a><a href="https://3.bp.blogspot.com/-4U508IemPBQ/V1m4v_OlMjI/AAAAAAAAWzo/V8whtp2wh7k_WVmH2hJdl9eST5uq8yZoACLcB/s1600/inside.jpg" imageanchor="1" ><img border="0" src="https://3.bp.blogspot.com/-4U508IemPBQ/V1m4v_OlMjI/AAAAAAAAWzo/V8whtp2wh7k_WVmH2hJdl9eST5uq8yZoACLcB/s400/inside.jpg" /></a><a href="https://3.bp.blogspot.com/-lZZEsb2QhwU/V1m4wbXZUhI/AAAAAAAAWz4/Ll0mimEfnios2Dh4vs1dYG96msglDejEwCLcB/s1600/outside.jpg" imageanchor="1" ><img border="0" src="https://3.bp.blogspot.com/-lZZEsb2QhwU/V1m4wbXZUhI/AAAAAAAAWz4/Ll0mimEfnios2Dh4vs1dYG96msglDejEwCLcB/s400/outside.jpg" /></a><a href="https://3.bp.blogspot.com/-dbBVPE4Fagk/V1m4wNjmxgI/AAAAAAAAWz0/wgjQkzUU-ckOVbzI3p1OyFBASeD8xtbfACLcB/s1600/managing%2Bdirectors.jpg" imageanchor="1" ><img border="0" src="https://3.bp.blogspot.com/-dbBVPE4Fagk/V1m4wNjmxgI/AAAAAAAAWz0/wgjQkzUU-ckOVbzI3p1OyFBASeD8xtbfACLcB/s400/managing%2Bdirectors.jpg" /></a><br />
</div>Jos Poortvliethttp://www.blogger.com/profile/05243886270488333877noreply@blogger.com0Stuttgart, Germany48.7758459 9.182932100000016448.6084304 8.860208600000016 48.9432614 9.5056556000000167tag:blogger.com,1999:blog-12366865.post-2380675568096482602016-06-07T13:35:00.000+02:002016-06-07T14:58:51.808+02:00Nextcloud hackweek and open BBQ!<div dir="ltr" style="text-align: left;" trbidi="on">Yesterday we kicked off a meeting in Stuttgart to discuss Nextcloud and get work done. A first result is the <a href="https://help.nextcloud.com/t/habemus-repositorum-latin-we-got-a-new-repository/396" target="_blank">establishment of the new Server repository</a> on Github (and <a href="https://github.com/nextcloud" target="_blank">more repositories!</a>) and we'll share other things on <a href="https://help.nextcloud.com" target="_blank">the forums</a> and in Github issues the coming days. The real important news however is that we decided to organize a BBQ!<br />
<br />
If you're in the area, we'd love to see you show up Wednesday at EgilolfstraĆe 31, Plieningen/Hohenheim close to Stuttgart Airport. Nearest public transport would be either U3 Plieningen or S2/3 Flughafen/Messe. Join us starting 6PM for the good times!<br />
<br />
<iframe width="425" height="350" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" src="http://www.openstreetmap.org/export/embed.html?bbox=9.20940488576889%2C48.71706259936757%2C9.212087094783783%2C48.71831727426797&layer=mapnik" style="border: 1px solid black"></iframe><br />
<small><a href="http://www.openstreetmap.org/#map=19/48.71769/9.21075">View Larger Map</a></small><br />
<br />
We'll have some alcoholic and non-alcoholic beverages, meat, fruits, veggie stuff and of course a BBQ. Give us a shout if you're coming <a href="https://help.nextcloud.com/t/invitation-to-nextcloud-bbq-in-stuttgart-tomorrow/427" target="_blank">on the forums</a>!<br />
<br />
<a href="https://1.bp.blogspot.com/-dY4xB2CjNn4/V1avp4rUszI/AAAAAAAAWzM/7LKxIlUP2CQ0IQGlZi8TteGXQS1Ih_JagCLcB/s1600/building.jpg" imageanchor="1" ><img border="0" src="https://1.bp.blogspot.com/-dY4xB2CjNn4/V1avp4rUszI/AAAAAAAAWzM/7LKxIlUP2CQ0IQGlZi8TteGXQS1Ih_JagCLcB/s1600/building.jpg" /></a><a href="https://2.bp.blogspot.com/-mY6p4JB4rWo/V1avpxaEa9I/AAAAAAAAWzI/v6KNI1xS1HsN6hqSnh2laOf98MhgLZ_agCLcB/s1600/fight.jpg" imageanchor="1" ><img border="0" src="https://2.bp.blogspot.com/-mY6p4JB4rWo/V1avpxaEa9I/AAAAAAAAWzI/v6KNI1xS1HsN6hqSnh2laOf98MhgLZ_agCLcB/s1600/fight.jpg" /></a><a href="https://2.bp.blogspot.com/-C2lwacuqNHY/V1avpqsGXKI/AAAAAAAAWzE/HgsO7uhEO5Q8SoVi3Ou4SbKZNGpyvscqACLcB/s1600/Frank.jpg" imageanchor="1" ><img border="0" src="https://2.bp.blogspot.com/-C2lwacuqNHY/V1avpqsGXKI/AAAAAAAAWzE/HgsO7uhEO5Q8SoVi3Ou4SbKZNGpyvscqACLcB/s1600/Frank.jpg" /></a><a href="https://2.bp.blogspot.com/-qPyNQRYQC5Q/V1avqAVoSKI/AAAAAAAAWzQ/rMzWeWuZZDcOu9Y6VU3Dr9bgIbxF3ai9QCLcB/s1600/work.jpg" imageanchor="1" ><img border="0" src="https://2.bp.blogspot.com/-qPyNQRYQC5Q/V1avqAVoSKI/AAAAAAAAWzQ/rMzWeWuZZDcOu9Y6VU3Dr9bgIbxF3ai9QCLcB/s1600/work.jpg" /></a><br />
</div>Jos Poortvliethttp://www.blogger.com/profile/05243886270488333877noreply@blogger.com0tag:blogger.com,1999:blog-12366865.post-65541960996123456382016-06-02T15:02:00.001+02:002016-06-03T09:05:05.466+02:00You are Nextcloud, too - what we will do for contributors<div dir="ltr" style="text-align: left;" trbidi="on"><table cellpadding="0" cellspacing="0" class="tr-caption-container" style="float: right; margin-left: 1em; text-align: right;"><tbody>
<tr><td style="text-align: center;"><a href="https://1.bp.blogspot.com/-K0HzvEfNZ1I/VrXJqaIod0I/AAAAAAAAVTg/oGjJSABQWwM2-eIfxnvIA1lLpklyOtcEACKgB/s1600/devices.jpg" imageanchor="1" style="clear: right; margin-bottom: 1em; margin-left: auto; margin-right: auto;"><img border="0" height="213" src="https://1.bp.blogspot.com/-K0HzvEfNZ1I/VrXJqaIod0I/AAAAAAAAVTg/oGjJSABQWwM2-eIfxnvIA1lLpklyOtcEACKgB/s320/devices.jpg" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Cool stuff we want to do more with!</td></tr>
</tbody></table><br />
<br />
Based on feedback collected from many contributor members we've defined some plans and already made changes to how Nextcloud will be developed. Improved transparency and governance, focus on stability and architectural improvements and other improvements are covered in this blog. Much more is coming, you can join the conversation right now on <a href="https://help.nextcloud.com/">our forums</a>!<br />
<br />
<h2>Community Input</h2>January 2015, I ran a contributor survey to see what the ownCloud community thought about the processes, development focus and our work at the company. I shared the results <a href="https://mailman.owncloud.org/pipermail/devel/2015-April/001220.html" target="_blank">by the end of April</a> and pushed internally for the feedback to be taken serious. Some of the changes were implemented but many others were left for a future project to push forward. And Nextcloud will.<br />
<br />
<h2>feedback and changes</h2>Nextcloud aims to build a sustainable business, not limited by short-term, next-quarter thinking. The relationship with our community of contributors and users is central to our plans. <br />
<br />
To quote Frank on this: <br />
<blockquote>The company shouldn't be involving the community more in decision making; that's the wrong way of looking at it. There shouldn't be a fundamental separation to begin with!</blockquote>And that's what we want. Saying "we're more open" just means being a more friendly ruler - Nextcloud aims to be a participant, not a king, benevolent or not! That is not to say that there should not be any direction but it shouldn't be dictated by a company anymore. Of course, people can decide what they work on, and the company gets to decide what it pays its employees to do. Now there are changes in how we manage our employees too, with far less micromanagement and more freedom. But that's for another blog.<br />
<br />
Let's go over the specific pieces of feedback mentioned in the email and received from contributors in other ways and note how Nextcloud intends to address them.<br />
<br />
<h3>Development</h3>ownCloud is fun and relatively easy to contribute to, with a mostly well running review process and release cycle. There were some practical requests and suggestions as well as concerns about the strain the growth of our project has put on the core developers.<br />
<br />
<h4>Dealing with Pull Requests</h4>A major issue as detailed in many comments was that it often takes too long for pull requests to be merged. That is, contributions are not handled fast or at all. The result is that, with Core moving fast, contributions get out of sync, no longer apply and are effectively lost. As the graphs below show, the number of pull requests taking longer than 6 months to be merged is rising rapidly while the company is contributing less to development relative to volunteers. Don't get me wrong, it's great to have a growing community! But the support for development from the company needs to keep up with the pace.<br />
<br />
<div class="separator" style="clear: both; text-align: center;"><a href="https://2.bp.blogspot.com/-UU7f177N6PM/V1Arm68A7EI/AAAAAAAAWxw/ZQbsUpox5DwEFy2x8dZFvRqiG7qRkBDYACLcB/s1600/plot2-1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="320" src="https://2.bp.blogspot.com/-UU7f177N6PM/V1Arm68A7EI/AAAAAAAAWxw/ZQbsUpox5DwEFy2x8dZFvRqiG7qRkBDYACLcB/s320/plot2-1.png" width="320" /></a></div><div class="separator" style="clear: both; text-align: center;"><a href="https://4.bp.blogspot.com/-WYwqm1FyGA8/V1Arm-9Y3XI/AAAAAAAAWxs/GScHZ5x9LNQKbuKaBlKfWlkG9k3fBaXRgCLcB/s1600/PRs.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="326" src="https://4.bp.blogspot.com/-WYwqm1FyGA8/V1Arm-9Y3XI/AAAAAAAAWxs/GScHZ5x9LNQKbuKaBlKfWlkG9k3fBaXRgCLcB/s640/PRs.png" width="640" /></a></div><br />
Respecting contributions by being responsive and getting them merged will be our number one development priority at Nextcloud. As <a href="https://wiki.mozilla.org/Contribute/analysis">research by Mozilla has shown</a>, reacting swiftly to contributions is crucial for growing community and we intend to grow and nurture our contributor base, recognizing outside input as a key driver of growth and success.<br />
<br />
<h4>More stability</h4>A general point made was that it'd be good to focus more on stability and performance. Some of that has been implemented with the 8.x series and automated testing improvements done over the last year. An especially sore point in terms of stability is the upgrade process, as was very visible with the 9.0 release that is still not available for users of the built in updater app. We will soon blog about the Nextcloud plans with regard to the updater.<br />
<br />
<h4>Architectural improvements</h4>It was mentioned that some parts of ownCloud are in need of serious architectural love and refactoring. ownCloud has been traditionally rather restrained in this regard and people worried that this "impairs competent developers". While being conservative is important with regards to building a platform (stability and compatibility!) many improvements made their way into the 8 and 9 releases. To preserve a healthy balance, we want to introduce an Architecture team to make decisions that have a big impact on the code base. More details will follow.<br />
<br />
Another area of improvement would be to communicate more about architectural changes. Frank has already done a series of blogs about Federation in the past and more will follow.<br />
<br />
<h4>Apps: support for Calendar, Contacts and Spreed</h4>Many pointed out that apps are extremely important for ownCloud and we should work more on that. Frank has always <a href="http://karlitschek.de/2015/06/building-a-platform/" target="_blank">emphasized the importance of building a platform</a> and for Nextcloud this will be a central goal.<br />
<br />
Nextcloud will officially support the Calendar and Contacts apps and supercharge their development. The Spreed.ME app will bring fully supported audio and video chat to ownCloud. We'll also invest in growing and improving our API for these and other applications.<br />
<br />
<h4>Process</h4>Some smallish process improvements were requested. More logical labels and tags, for example, which have been pretty much cleaned up since then. Another thing was that big pull requests are often a pain in the ass to get merged and we should tell contributors to cut their work in smaller pieces. This was added to the documentation.<br />
<br />
<h3>Decision making</h3>Most people were positive about the technical direction of ownCloud - test-driven, stability, architectural work, those were great improvements. Decision making processes in the technical area were not considered very transparent. Comments were even more harsh about the project-wide decision making process.<br />
<br />
People feel decisions are often done behind closeddoors. Nextcloud will address this, in part by a new architecture team and in another part by getting rid of most 'hidden' communication channels like internal IRC and mailing lists. We also plan on talking more about our goals and plans in blogs and such.<br />
<br />
Longer term planning is a major sticking point: there is little of it public. We need to discuss, together, how to do longer term planning. This doesn't fit too well with github. <a href="https://help.nextcloud.com/" target="_blank">Thoughts welcome</a>!<br />
<br />
<h3>Communication channels</h3>Several people have noted that we've got too many, confusing and overlapping communication channels. We've already eliminated one: mailing lists. We still have a newsletter for those who want to follow us and the blog roll on <a href="https://nextcloud.com/news">nextcloud.com/news</a>. For technical discussions we keep using github (which now <a href="https://github.com/blog/1905-linking-merged-pull-requests-from-commits">links commits to pull requests</a> so you can find the discussion behind code) and we'll discuss more general subjects on <a href="https://help.nextcloud.com/">the forum</a>. Speaking of which, it's now on discourse - a massive improvement I'd say. And email fans can use email to communicate with people on the forum!<br />
<br />
<h3>Governance</h3>It was already mentioned here and there but there are two other big changes. First, we want the Nextcloud trademarks to be owned by the community, like the ownCloud one should have been. So we will set up a foundation soon which will control the trademark (not have it sub-licensed!) and more in the future.<br />
<br />
Second, we will get rid of the Contributor License Agreement. You don't need to sign anything to contribute to Nextcloud.<br />
<div><br />
</div>Third, without CLA there are no proprietary apps part of Nextcloud. We won't be artificially crippling Nextcloud just to get some checkmark on a feature list on the enterprise side. At the same time, of course much functionality is needed for companies, stuff that they need (and home users don't). We will provide that for sure, including migration path, but this time as stand-alone tools. No more exclusivity for a single company, allowing it to do things others can't for legal reason. Our power is in employing the people who write the code, so we can give the best support and develop the best features. If another comes and tops us, well, we should've done better.<br />
<br />
<h2>Users</h2>There will be improvements for users, too. Already mentioned were our plans to support the Calendar and Contacts apps, Mail too, perhaps more. And of course with Spreed.ME we will integrate open source, WebRTC based video conferencing. There is more coming - for a future blog!<br />
<br />
<h2>That's all? Nope.</h2>Now I know this is a long blog with lots of details. No surprise, it is based on things we've wanted to improve for many years but could not. Now we can and we will. This is not the end of it, other suggestions and thoughts are more than welcome. Get involved!<br />
<br />
</div>Jos Poortvliethttp://www.blogger.com/profile/05243886270488333877noreply@blogger.com0tag:blogger.com,1999:blog-12366865.post-48321304495867869492016-06-02T10:00:00.000+02:002016-06-02T13:48:41.446+02:00Nextcloud is the future of open source file sync and share<div dir="ltr" style="text-align: left;" trbidi="on">So today is the day: we announce that we're forking ownCloud at some point the coming weeks. We includes <a href="http://karlitschek.de/blog/">project founder Frank</a> and the core ownCloud contributors who publicly quit ownCloud, Inc. over the last weeks - <a href="https://statuscode.ch/">Lukas</a>, <a href="http://www.arthur-schiwon.de/">Arthur</a>, <a href="http://morrisjobke.de/">Morris</a>, <a href="https://www.schiessle.org/">Bjoern</a>, <a href="http://jancborchardt.net/blog/leaving-owncloud-inc.html">Jan-Christoph</a> and quite a few others as well who can't talk about that yet. As of now, most of the <a href="https://github.com/owncloud/core/graphs/contributors?from=2015-05-31&to=2016-05-31&type=c">top contributors to ownCloud core</a> are joining and of course, we're very busy hiring and aim to leave no (wo)man behind.<br />
<br />
<strong>'why'</strong> is the question everybody has and I hope you understand I don't want to talk too much about that. Instead, let me talk about what we are going to do.<br />
<br />
<h2>A healthy Nextcloud</h2>Open source projects work best when they have a company behind them which aims to build a sustainable business around a symbiotic relationship with the community they are a part off. Make no mistake, I think it's great if people (investors, founders) can cash out big. They take a risk, put in blood, sweat and tears. But venture capital often leads to short term thinking and chasing of quarterly numbers resulting in bad decisions. Money, time and effort is wasted and growth isn't what it could be - and that's pretty much a best case scenario.<br />
<br />
The good news is that we're starting a new company, Nextcloud, which will do things right: build a sustainable, durable business. We've got support from Niels Mache, long time open source entrepreneur and owner of the <a href="http://www.spreed.com/">spreed video conferencing business</a>. Nextcloud will integrate with spreed's successor, the open source, webRTC based <a href="https://spreed.me/">spreed.me video conferencing software</a>, kickstarting as a healthy, growing business with loads of customers while the integration provides a real valuable new feature to users.<br />
<br />
<h2>What we will offer</h2>This reboot of ownCloud is meant to be good for users, customers and contributors alike. So we'll be providing a drop-in replacement for users next month, which will bring them the stability and security updates they need as well as full spreed.ME video conferencing integration.<br />
<br />
For customers, the drop-in replacement will be accompanied with a Enterprise Subscription which gives them all the support and features they are used to. Better, even: we will honor all contracts so nobody has to pay twice or get in trouble. On top of that we plan to support some of the most popular apps like Calendar and Contacts both for home users and enterprises. Our goal here is to ensure nobody is left without the support they need to be happy, successful own/Nextcloud users.<br />
<br />
We're setting up infrastructure now for the wider contributor community to join us. We've got some improvements in store, including <a href="https://help.nextcloud.com/">new forums (discourse based)</a>, no more Contributor License Agreement and a foundation that will hold trademarks (not have them sub-licensed; nor be under company control!). January last year we did a survey of what community contributors would like to see improved and, finally, we can implement many of those requests. I will blog more about that later today!<br />
<br />
<h2>Future</h2>I know that this is a surprise to everybody and it isn't that you should be joining RIGHT NOW or I'll hate you forever, on the contrary. ownCloud is a very important project and a rash decision makes no sense. We are in it for the long haul, our goal is a smooth transition and that means we will take some time to prepare things on our end. We've always been in close contact with our contributors and this new thing can only be open and public from now on so let's take our time to do this right. Over the coming days we'll blog about our plans and you can provide input and help us make the right decisions!<br />
<br />
This endeavor will take some time and effort, but successful examples like LibreOffice and MariaDB have shown that, in the end, the community will find a way to get it right. I'm confident that we will be able to deliver even better solutions for our users and customers thanks to a redefined, more open community and company relationship!<br />
<br />
Check out our <a href="https://nextcloud.com/we-are-nextcloud-the-future-of-private-file-sync-and-share/">announcement blog</a>, <a href="https://nextcloud.com">our website</a> and ping me or ask your questions in our <a href="https://plus.google.com/events/cnntcg90ehkd9j6gdglumj1g708" target="_blank">Live Nextcloud Q&A Hangout</a> with <a href="karlitschek.de/blog/" target="_blank">Frank</a> and myself, moderated by <a href="http://lunduke.com/" target="_blank">Bryan Lunduke</a>, today at 19:00 PM Berlin/Amsterdam/Paris time, 10:00 AM Pacific time.<br />
<br />
And yes, if you want to join us, <a href="mailto:jobs@nextcloud.com">send an email</a>, we're hiring!</div>Jos Poortvliethttp://www.blogger.com/profile/05243886270488333877noreply@blogger.com0Berlin, Germany52.520006599999988 13.40495399999997552.210736099999991 12.759506999999974 52.829277099999985 14.050400999999976tag:blogger.com,1999:blog-12366865.post-90382365806866393122016-05-20T11:48:00.000+02:002016-05-23T12:42:34.799+02:00Moving on from ownCloud<div dir="ltr" style="text-align: left;" trbidi="on">
A few days ago, I published my last blogpost as ā<i><a href="https://owncloud.org/user/?user=owncloud">ownCloud</a></i>ā
on our blog roll about <a href="https://owncloud.org/blog/owncloud-reaches-1000-code-contributors-grows-80-in-one-year/">the
ownCloud community having grown by 80% in the last year</a>. Talk
about leaving on a high note!<br />
<br />
Yes, Iāll be leaving ownCloud, Inc. - but not the community. As
the numbers from my last post make clear, the ownCloud community is
doing awesome. It is growing at an exponential rate and while that in
itself poses challenges, the community is healthy and doing great.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-rd4Mic7eeKU/Vz7dKK13CvI/AAAAAAAAWr0/hWH_go1IRqcjAmv1TR2JyEgsu_BjxAZNACLcB/s1600/june2014.jpg" imageanchor="1" style="clear: right; float: right; margin-bottom: 1em; margin-left: 1em;"><img border="0" height="213" src="https://1.bp.blogspot.com/-rd4Mic7eeKU/Vz7dKK13CvI/AAAAAAAAWr0/hWH_go1IRqcjAmv1TR2JyEgsu_BjxAZNACLcB/s320/june2014.jpg" width="320" /></a></div>
<br />
I <a href="http://blog.jospoortvliet.com/2014/03/dear-owncloud-community-as-you-might.html">joined
in 2014</a>, when ownCloud, Inc. had about 36 employees. The
community grew that year, according to our <a href="https://owncloud.org/history">history
page</a>, from 1 million users to 2.2 while the number of average coders per month went from 62 to 76. For me, the coolest thing that year was the
<a href="https://owncloud.org/blog/owncloud-contributor-conference-was-awesome/">ownCloud
Contributor Conference</a>, that brought together 100 contributors
for a week of hacking at the university of Berlin. A stressful, but
awesome week. Though, my first meeting most of my colleagues was some
months earlier at the Stuttgart meetup and my first release was
<a href="http://owncloud.org/blog/owncloud-7-released-with-more-sharing-and-control/">ownCloud
7</a> not long before the event.<br />
<br />
2015 was more of that - our history page <a href="https://owncloud.org/history/">has
a great overview</a> and Iām darn proud of having been a part of
all those things. 2016 brought ownCloud 9, a major release, which was accompanied by an overhaul of <a href="http://owncloud.org/">owncloud.org</a>, I hope you like our new website!<br />
<br />
Not everything is finished, of course. Weāre still smack in the
middle of awesome work with <a href="https://owncloud.org/blog/libreoffice-online-has-arrived-in-owncloud/">Collabora</a>
and <a href="https://owncloud.org/blog/spreed-brings-private-video-calls-to-owncloud/">Spreed</a>
as well as the WDLabs PiDrive project - I just finished and published
<a href="https://owncloud.org/pidrive">this page</a> about it. All
great stuff which has great momentum and will certainly move forward.<br />
<br />
Myself, Iāll stay around in the community. Iāll talk about the awesome stuff that is coming next early June but until then, donāt hesitate
to contact me if youāve got any questions about ownCloud or
anything else. You can still catch me on <a href="mailto:jos@opensuse.org">jos@opensuse.org</a>
;-)</div>
Jos Poortvliethttp://www.blogger.com/profile/05243886270488333877noreply@blogger.com0