FreshRSS

πŸ”’
❌ About FreshRSS
There are new available articles, click to refresh the page.
Before yesterdayReleases

Nextcloud Conference: Nextcloud iOS client release introduces new share view, dark mode, better performance

The last time we blogged about the Nextcloud iOS client was a release back in October 2018! That's a long time ago, and you're forgiven for thinking not much has been happening. iOS users know better, though: no less than 12 releases were made, introducing an offline file view, voice memo recording, a brand new Media view and much more. The Nextcloud Conference in Berlin was the occasion for the latest release, bringing many more improvements to users.

2.24.0 in Berlin

The last version introduces the following improvements:

  • Improve style and discoverability of notification actions
  • Improve notification UI/UX + add avatar
  • Several improvements to Collabora Online document editing integration
  • File Provider Extension now supports multiple accounts
  • New share view now with all functions and UI/UX available on Server side with Details, Activity, Comments and Sharing
  • Improved Activity support
  • new UI/UX on “Files” Tab with improved scroll performance
  • Dark Mode
New iOS share view
New iOS share view
Dark mode!
Dark mode!

Here’s all the news from the Nextcloud Conference:

What else is new?

Since we talked last about the client in October, the following other improvements were made:

  • UI/UX for view in list or grid mode
  • New Picker Photo/Video with the possibility of making a photo/video inside Nextcloud
  • New UI/UX for notifications
  • Integration of Collabora Online Office
  • You can modify a Photo before the upload
  • New UI/UX for Activities
  • Many improvements to UI/UX & fetch algorithm in the Media tab
  • Added QRCode reader for Login
  • Added the possibility to record a voice memo and save directly to Nextcloud
  • New Push Notifications
  • Improvements to scan document: Added flash, filters, rotate, auto/manual detect and more
  • More integration with Nc Talk

New Nextcloud developer program: work with us!

Nextcloud was always designed as a software platform and not a monolithic application. This is why we have the apps concept, many of the APIs and why we push open standards.
In the past, many developers and companies used these capabilities. Today, we are launching the new Nextcloud developer program to bring these capabilities to the Next-level!

Here’s all the news from the Nextcloud Conference:

Join the program

We are looking for individual developers and companies to work with us in building new apps.

There are several things you can do:

  • Develop a complete new server side application on top of Nextcloud leveraging the Nextcloud framework for authentication, storage, distribution and many other things.
    Examples would be the recently released OneDrive external storage, the new Maps app or the SecSign ID authentication app.
  • Write a plugin that extends or changes the behavior of Nextcloud.
    Examples include the HSTS app which adds a HSTS header to HTTPS responses or the OCR app which adds a OCR option in the Files app.
  • Integrate other software, services and projects with Nextcloud.
    For example, look at Moodle, RocketChat or Zimbra.
  • Write new desktop or mobile apps that interact with a Nextcloud server.
    For example KDE and GNOME integration or the Deck Android app.

Nextcloud is a very popular software platform

So why is Nextcloud a great foundation for your app and why does it make sense to integrate with Nextcloud?

Nowadays we estimate the number of active servers to be between 250.000 and 300.000 with tens of millions of users. That makes Nextcloud with quite some margin the most deployed on-premises file sync & collaboration platform! In other words, building a Nextcloud app means having a huge audience who can install your app with a single click!

Why is Nextcloud so immensely popular? It provides what people need!

Nextcloud’s mission is to be the decentralized central hub that allows you to stay in control of all your data, communication and collaboration needs securely, protecting user’s privacy. That is the reason why home users, companies, universities and the German and French governments and many other organizations from the EU trust Nextcloud to handle their data and meta data.

Nextcloud started like an open source alternative to Dropbox. More like a tool to store, sync and share files. Nowadays things have changed and we are competing with services like Google GSuite and Office 365, covering a lot more than normal file syncing.

As a full alternative to the propriety and centralized services from Microsoft, Google, Dropbox, Apple and others, with Nextcloud you can do collaborative office document editing, use a calendar, contacts, do group-chats, video and audio calls, emails, notes, RSS feeds, project management drawings, manage passwords and a lot more. All of that 100% Open Source and self-hosted of course.

Nextcloud is also very scalable. It runs on tiny systems like Raspberry Pie up to a group of server clusters distributed over several hosting centers and continents with millions of users.
app store screenshot showing button to enable untested apps

Why join the program: 8 more reasons

  • Nextcloud is and will remain 100% free and open source software. This creates a fair playing-field for everyone and makes sure that we all benefit from each others work. We are all equal and follow the same AGPL rules.
  • Open Source guarantees that you can always run Nextcloud and your application in all scenarios without the need to buy a license or have a vendor lock-in.
  • There is no Contributor License Agreement or other legal work or contracts needed. No one has to transfer ownership of the code to another entity. Everyone keeps the ownership over their own work.
  • Nextcloud has good developer documentation. All other apps are open source and can be used as blue prints. Developing a Nextcloud app is easy!
  • Nextcloud has millions of users. Your work is immediately available to a huge install base.
  • Nextcloud has an AppStore where you can easily make your work available to all Nextcloud users. So a lot of users will test and use your app.
  • The Nextcloud community is very welcoming and friendly. So if you ever need any help or support then someone will want to help you and answer your questions.
  • There are several events like the yearly Nextcloud Conference where you can get in contact with the developers, attend talks and workshops to get on hand training.

We at Nextcloud are looking forward to work with other projects and companies to integrate their software and promote the integration together. If you have build an app or want to build one and would like to get a blog published, or even see if there is a way to work with Nextcloud GmbH to monetize your work, shoot us an email!

All the information and the useful links are listed on the new developer portal page.
If you have any questions about these new opportunities for developers to build on top of Nextcloud you can always contact us.

Let’s make a difference and help users take back control over their data and communication!

Nextcloud announces virtual data room solution for ultimate protection of data during sensitive negotiations

Tens of millions use Nextcloud to protect their data, at home or in their business. That is why Nextcloud takes security so serious, developing many unique security-related features and offering a USD 10.000 security bug bounty to security researchers. In some situations data has to be protected from leaking, even by the people who gain access to it. For this scenario, Nextcloud introduces its virtual data room (VDR) solution.

Virtual data rooms

Say you want to give a third party the chance to review and perhaps even edit a number of documents but prevent data leakage as much as possible. This is useful if you're working on due dilligence for an investment, need to decide on a loan or other sensitive business transactions.

A Nextcloud virtual data room enables you to:

  • create guest accounts for the third party team and share files to those.
  • enforce the setup of a second factor for secure authentication when the guests create their account.
  • use File Access Control to ensure no files can be downloaded by the guests.
  • configure Secure View ensure the users can still read and (when shared with editing rights) modify documents, while the documents are watermarked when on screen.
  • Keep email content and attachments 100% confidential by using the Secure Inbox feature in the Outlook Add-in to share to the guest accounts. The email body and attachments are shared securily through Nextcloud, without risk of leakage even to the mail server. The recipient only receives an email telling them a new message was send. They can then log in securely on their guest account and view it.
  • If you allowed downloading files so the guests can use Nextcloud mobile and desktop clients, you can use Remote Wipe to clean their devices once the project ends.
  • Make sure that discussions about documents, plans and other information can take place through the integrated Nextcloud Talk so no third party can gain access to the communication, either through listening in on the calls or accessing the chat logs.

A 100% self-hosted Nextcloud solution

These capabilities and more are part of our virtual data room solution designed for use by organizations when they need a space where an often cross-organizational team can collaborate, firewalled off from either or both of their organizations.

It enables secure due diligence during a take-over or venture capital transactions. Multiple virtual data rooms can be set up in paralel, or sequentially, enabling financial institutions to ensure data does not cross between offices, countries or teams.

Where other virtual data room solutions still require data to be stored at a third party and route authentication and real-time communication through their data centers, a self-hosted Nextcloud virtual data room offers 100% control and thus near perfect protection from data leaks.

Forget about SAAS and outsourcing: an on-premises Nextcloud VDR offers the ease of use that speeds up deal making while strict control over access and fine grained auditing ensure sensitive data remains secure.

Nextcloud VDR Capabilities

Nextcloud develops the industry-leading on-premises content collaboration solution, bringing together efficient real-time communication, document editing and easy sharing together in a coherent platform.

Features include:

  • Activity tracking and audit log, real-time reporting
  • Built in secure communication with comments and audio/video chat
  • Secure email box (prevent leaking of email content and attachments with Outlook integration)
  • Advanced search within the whole VDR
  • Extensive file compatibility
  • Unlimited data and accounts
  • Easy, familiar interface
  • Document versioning
  • Extensive security capabilites, including:
  • Multi-layer, military-grade encryption
  • Advanced digital rights management
  • multi-factor authentication
  • Video Verification to enforce identity proof
  • Extensive file access control mechanisms
  • Watermarking of files
  • Remote wipe
  • Industry-leading ransomware protection

Nextcloud is used in extremely security-sensitive environments every day in the financial, healthcare and government sectors. Nextcloud VDR provides an even more hardened, secure, complete and easy to control environment for efficient collaboration on the most sensitive data.

You can read more about how Nextcloud can help you with a virtual data room on our website.

Feature highlights

A virtual data room is a setup customized to each use case and customer. To highlight a few of the capabilities and features useful in virtual data room scenarios, we created a series of screenshots below.

Secure Mailbox

This example sends the link and password to the recipient by email. The user can take out the password and send it through another channel. Alternatively, when a guest account is set up for the recipient, the Outlook add-in will detect this and instead share the message to the guest account and include an internal link in the email. The recipient will have to log into their guest account to access the email.

Secure Mailbox - Writing an email
Writing an email
Secure Mailbox - attaching files
Attaching files, enabling Secure Mailbox

Fresh from the conference: Nextcloud Desktop client 2.6.0 with new Login Flow, second test version of Virtual Drive

We have just made available a new update of the Nextcloud Desktop client with a large number of fixes and improvements including a rework of our login flow. The new login flow uses the system browser, which should improve compatibility with many servers, especially those with tight security settings or non-standard authentication mechanisms.

Talking of authentication, the client now fully supports Client-side SSL Certificates for authentication and the new Windows build also supports TLS 1.3! You can grab the new client now.

Second, today we’ll make available a new test version of our Virtual Drive build of the client, and we’re looking for feedback on the progress we’ve made!

As always, a big thank-you goes to our community of contributors. Note that we are still looking for new people to join our team!

Here’s all the news from the Nextcloud Conference:

Fresh from the conference: Nextcloud Android client 3.8 with U2F, TLS 1.3, Remote Wipe and more

We have made version 3.8 of our Android client available today, bringing a slew of security features with many bugfixes and smaller improvements to our users. If your phone hasn't updated yet, give it a kick and grab the new version today!

U2F device support integrated by COTECH

As said, this release brings many security-related features. First, U2F support was integrated thanks to the work of COTECH. The result is a usable login flow: At the bottom, a dialog indicates that user interaction is needed during U2F login. Users get assistant with helpful animations if they are not familiar with the concepts of security keys on mobile devices.

The most common security keys are compatible with our implementation. Users can use them via USB or NFC. Just a simple touch with the key on the back of the device and the user is logged in. But USB usage is similarly easy: Plug in the key and press its button to indicate user presence. Learn more in the blog by COTECH.

Using a Nitrokey to log into Nextcloud

Updated TLS support and added Remote Wipe

Second, some internal libraries were updated to allow for TLS 1.3 connections, helping sysadmins who have tight security policies on their Nextcloud server.

And last but not least, support for one of the major features of Nextcloud 17 was brought to the Android client with the integration of Remote Wipe support!

With Remote Wipe, users can delete all the data of their devices from the Nextcloud web UI, useful in case of lost of theft of a device. Sysadmins can instruct all devices to wipe their data in case an employee leaves the company, for example.

Remote wipe as a user, per device
Remote wipe as a user, per device
Remote wipe as admin, per user
Remote wipe as admin, per user

Here’s all the news from the Nextcloud Conference:

Last year

As it is the Nextcloud Conference today, we thought we'd share not just what is new today but also give you an overview of everything we improved in the client over the last year!

3.3.0

  • Trashbin support
  • Media streaming
  • Protection via device credentials

3.4.0

  • Editing via Collabora Online
  • set/edit notes on sharing
  • search inside text files
  • action on notifications
  • share file to Talk

3.5.0

  • Chunked upload: 1Mb wifi / 10Mb Wlan
  • QR codes for signup
  • deep link integration
  • direct camera upload
  • sync all downloaded files

3.6.0

  • storage path chooser for local files
  • show notes on sharing
  • show shared user as avatar

3.7.0

  • Chromebook support
  • delete push notifications via server
  • open files from Talk app

3.8.0

  • U2F support on login
  • crash report
  • TLS 1.3 support
  • Remote Wipe

Nextcloud Flow makes it easy to automate actions and workflows

We are happy to announce that Nextcloud 18 will introduce Flow. This app will make it easy for users to automate some common tasks through an easy, graphical user interface. Integration with the wide variety of apps in the Nextcloud ecosystem will be an important priority for this project. A first tech preview is available as part of the daily builds of Nextcloud 18.

Here’s all the news from the Nextcloud Conference:

What can Flow do

Nextcloud Flow is designed to help you automate tasks. For example, when a file is added to a specific folder, a shared link to the file could be created and send through Nextcloud Talk into a specified chat room. Or, when a new element (like a file, a chat or a Deck board) is added to a certain project, you get a notification.

Here is a mockup (based on current state) of what NC Flow should look like by release time:
mockup (based on current state) of what NC Flow should look like by release time

One thing Flow can do is can help the workflow of teams collaborating on documents. Think of the approval and review processes, as in this example:

An partner sends a customer order form by mail to a special inbox. The attachments get uploaded to Nextcloud and, because they end in a special folder, are given a specific tag. This tag results in the file getting added as a task card in a Deck board for Team X to process. The chat from Team X notifies them of the arrival of the new task. A team member reviews the form and when done, moves the card to done which automatically adds a 'reviewed' tag. This tag results a notification for the manager. Once they adds the 'approved' tag, the files are turned into a PDF, then shared via a public link, which in turn is added to a mail that gets send to the partner.

As you see, Flow can go beyond files, tying together the various capabilities of Nextcloud. Through an easy API, Nextcloud applications like Calendar, Mail, Talk and Deck will be able to provide actions and triggers for users to use. This means that more and more apps will be able to offer integration, so users can configure Nextcloud to respond to a wider range of events with an ever growing amount of actions.

Get Flow

Flow will be a part of Nextcloud 18. We have just started working on this release, but Flow has been under development for while already. A first tech preview is available as part of our development version, downloadable as a daily build. Input from users is very welcome, as there is a wide range of capabilities that could be added and the team is looking for use cases to prioritize. App developers can also get started supporting Flow in their apps! Documentation for Flow will soon be available on our Developer site.

At the Nextcloud Conference this weekend, a workshop will demonstrate how developers can add new capabilities from their apps to Flow.

Screenshots of the current state:

Creating a new flow
Creating a new flow
Multiple operations
Multiple operations
Select Triggering Event
Select Triggering Event
Add check to rule
Add check to rule
Define mimetype rule with presets
Define mimetype rule with presets
Additional check and operation options
Additional check and operation options
Overview
Overview

Nextcloud 17 scales up and improves data protection with Remote Wipe, collaborative text editor, 2FA updates, IBM Spectrum Scale support and Global Scale improvements

Fresh from the Nextcloud conference stage, we are proud to announce a major release of Nextcloud, the easiest solution for secure, on-premises collaboration on documents, calendars and communication! Nextcloud 17 will introduce a series of secure collaboration features including a collaborative text editor, remote wipe, updated secure view, improved two-factor-authentication and easier access than ever with deeper integration of large-scale storage like S3 and IBM Spectrum Scale.

Nextcloud 17 is available as release candidate, with the final release expected later this month.

A quick overview of what is new:

  • 💣 Remote Wipe allows users and administrators to forcibly clean files from remote devices, for example in case they are stolen.
  • 📝 Nextcloud Text, our new distraction-free, collaborative rich text editor
  • 🔒 Improvements to secure view like enforcable watermarks enable virtual data room use
  • 🔐 Setup two-factor authentication after first login, admins can create one-time login tokens in the web UI and delegate this to group admins
  • 📧 secure mailbox in Outlook Add-in
  • 👥 LDAP write support makes it possible to manage users from Nextcloud
  • 💽 S3 versioning support, IBM Spectrum Scale integration and Global Scale with Collabora Online

See our separate announcement about building virtual data rooms with Nextcloud 17 here.

Other news from the Nextcloud Conference includes:

Follow the conference live!

Remote wipe

A major new feature in Nextcloud 17 is remote wipe. While many companies have Mobile Device Management, thanks to build-in support, Remote Wipe will work on systems not under management of the company. This is useful for home users but also large universities and of course in a scenario where guest accounts were handed to a third party. If you permit downloading of documents by the third party, you can wipe the documents from their devices when the the collaboration has ended.

Remote wipe can be used on a per-device basis by users and on a per-user base by the administrator.

Remote wipe user
Remote wipe as a user, per device
Remote wipe admin
Remote wipe as admin, per user

Two-factor authentication improvements

Two-factor authentication is very important to protect the security of Nextcloud accounts. Administrators can enforce the use of two-factor authentication and offer a number of options to users.

Nextcloud 17 introduces:

  • Ability for users to setup 2FA after the first login it was enabled or enforced
  • New Administrator settings:
    • Administrator can create one-time-login tokens for users who forgot or broke their second factor solution
    • Administrator can delegate the ability to create one-time-login tokens to group administrators

Nextcloud offers the following 'second factor' options, any number of which can be enabled by the system administrator and used to validate the login of a user:

  • Time-based One-Time Password (TOTP, including Google Authenticator or similar apps
  • Universal 2nd Factor hardware tokens (U2F, like Yubikeys or Nitrokeys, also supports NFC)
  • Gateways: SMS, secure messaging apps Telegram, Signal and more
  • Notification (just click to approve login on an existing device like a phone)
  • User backup code (User has to generate these in advance and store them in a safe location)
  • Administrator backup code (creating those can be delegated to group admins)

Active user sessions can be invalidated through a list, by removing the user in the admin settings or by changing passwords. Users can manage their own sessions and devices. Remote wipe is available from that same screen.

2FA enforcement settings, enforcing for guest users
2FA enforcement settings, enforcing for guest users
2FA setup on first login
2FA setup on first login
One-time login token creation
one-time login token creation

Secure view and watermarks for documents

Last December, Nextcloud 15 introduced the Hide Download menu option. Since then this feature was used to provide secure view functionality in Collabora Online and ONLYOFFICE. With Nextcloud 17, our secure view feature was expanded with admin settings for watermarked text to enforce watermarks on:

  • public shares: option for all/read-only shares/hide download/tagged with (select a tag, for workflow integration)
  • internal shares: option for all/read-only/no reshare/tagged with (select a tag, for workflow integration)

Note that the full range of options requires Collabora Online 4.1. For older versions only the 'all' option works. ONLYOFFICE supports all these new capabilities as of today.

With secure view, our online office solutions can be configured to open PDF files, images and text files, making these files available in a watermark-protected way, while downloads and other apps are disabled using File Access Control. This setup is useful when data has to be protected from leaking but still has to be made available for review, like in a virtual dataroom scenario.

Configuring Secure View in Collabora
Configuring Secure View in Collabora
Setting a 'confidential' tag
Setting a 'confidential' tag
Secure view watermarked file
Secure view watermarked file

Secure mailbox for Outlook

The Outlook Add-in introduces the secure mailbox feature. This feature protects the contents (body) of email from interception by providing the recipient with a notification that a new email was received. The recipient then has to log in on their (guest) account to access the email and its attachments.

In combination with the read.me app, the body of the email is shown on top of the file attachments. Each email is a folder, linked to in the email notification.

Secure Mailbox - Writing an email
Writing an email
Secure Mailbox - attaching files
Attaching files, enabling Secure Mailbox
Secure Mailbox - Email as it will be sent to recipient
Email as it will be sent to recipient
Secure Mailbox - Recipient view in Secure Mailbox in Nextcloud
Recipient view in Secure Mailbox in Nextcloud

This example sends the link and password to the recipient by email. The user can take out the password and send it through another channel. Alternatively, when a guest account is set up for the recipient, the Outlook add-in will detect this and instead share the message to the guest account and include an internal link in the email. The recipient will have to log into their guest account to access the email.

You might be familiar with this feature from banks, insurance, realtors and other organizations dealing with sensitive data. Protecting the content from emails from leaking is very hard and with the Secure Mailbox for Outlook feature, Nextcloud offers an integrated solution.

Security hardenings

Security is very important to Nextcloud users, and thus a core focus for the Nextcloud team. Every release comes with many improvements, and this is no different. These include:

  • A new feature policy header
  • Stricter CSP
  • Suspicious login improvements

HackerOne logo

At the Nextcloud Conference, Nextcloud GmbH also announced a doubling of its security bug bounties to USD 10.000. This means an even larger insentive for security experts to find and responsibly report security problems to Nextcloud's capable and responsive security team.

If you want to learn more about security in Nextcloud, we strongly recommend to read about the various layers of encryption in Nextcloud and how Nextcloud can save your business from ransomware attacks.

Nextcloud Text

There are many moments when a light-weight, distraction-free text editor is the perfect solution for the task. Note taking, writing down thoughts or brainstorming a little don't require advanced editors with thousands of features. Nextcloud Text is an integrated, collaborative markdown-based text editor and ships as part of Nextcloud 17. Compared to the test version we made available for Nextcloud 16, this version has much improved reliability and introduces plain text editing with syntax highlighting for code.

All the good features are still here, and improved:

  • markdown-based
  • simple, efficient interface
  • any number of collaborators
  • support for bullets, headers, bold, italics, images and strike-through
  • sidebar with sharing, comments, versions, video chat and activity
  • and now: plain text editing with syntax highlighting

Learn more in our earlier announcement.

Performance, scalability and storage integration: IBM Spectrum Scale, Global Scale and S3.

This release delivers a number of improvements in the area of performance, scalability and storage integration.

Real time document collaboration with Global Scale

This release expands the capabilities of our unique Global Scale architecture to Colabora Online. Global Scale is designed to enable some of our largest customers to run a single Nextcloud instance with tens of millions of users. Collabora Online GS integration allows these users to seamlessly collaborate with each other on office documents.

Global Scale has been in production since 2017 in a commercial setup for tens of millions of users across 4 continents. Several other customers have deployed or began experimenting with Global Scale in the last years. Thanks to the new integration, Collabora Online installations at multi-million user scale are now set to roll out.

For smaller deployments, these changes are also relevant: users can now collaboratively edit documents across private Nextcloud servers!

See the Collabora/Nextcloud announcement of Global Scale integration here.

IBM Spectrum Scale logo

IBM Spectrum Scale integration

In collaboration with IBM, Nextcloud 17 introduces IBM Spectrum Scale integration.

IBM Spectrum Scale is a high-performance file system for managing data with the distinctive ability to perform analytics in place with comprehensive support for data access protocols including POSIX, NFS, SMB, HDFS and S3/Object. It can provide a single namespace for all this data, offering a single point of management with an intuitive graphical user interface. IBM Spectrum Scale offers high scalability, high availability, automated data management and reliability with no single point of failure in large file storage infrastructure.

On request of several major research organizations and universities, Nextcloud and IBM developed this integration between IBM's Spectrum Scale and the Nextcloud storage layer. A white paper with more details can be found on the IBM website. An example use case would be when a research institute has a large storage system where research data is written to by scientific tools. Thanks to this integration, this data can be made available real time through Nextcloud and manipulated without the risk of accessing outdated information.

See the announcement of the Nextcloud and IBM collaboration here.

S3 versioning integration

Nextcloud 17 introduces S3 versioning support which allows a Nextcloud server to use the native versioning of S3 rather than its own. This allows a system administrator to manage versions using native S3 tools but, when used with S3 as external storage, also improves compatibility with other applications which access the same data. Nextcloud will then be able to recognize versions created by these other applications, and vice versa.

More responsive web interface and decreased server load

In every release, Nextcloud improves in performance and responsiveness of its user interface. For this release:

  • We have significantly reduced the number of requests to the server on page loads.
  • We do more streaming when writing to storage
  • A new event dispatcher interface does simpler linking and more lazy loading.
  • An initial state manager makes some pages feel more instant since it saves the initial ajax all to the backend.

This should help decrease server load and improve the snappyness of the web interface.

Nextcloud Talk

With this Nextcloud version comes again a release of Nextcloud Talk. Like the previous release, the work for this release was focused on improving the reliability of Talk, but a few new features were integrated as well:

  • Added a simple Lobby: moderators can join and prepare a call/meeting while users and guests can not join yet
  • Allow to mention guest users
  • Added a voice level indicator and notify the user when they speak while they are muted

Client releases!

Today, we also make available releases of our Android, iOS and desktop clients!

Note that the Android client will have FIDO2 support, which was developed in collaboration with Nitrokey and Cotech. Learn more in the blog by Cotech!

Even more

There is much more new and improved in this Nextcloud release. For example, we have a systems overview in the admin settings which shows system package versions to help the admin administer their system. The monitoring section received a bit of a redesign. We could keep going, but we rather recommend you try out Nextcloud 17 RC1 and help us make it as stable as possible!

Also, be sure to check out the other news from the Nextcloud Conference which includes:

Nextcloud Conference News: Nextcloud GmbH doubling HackerOne security bug bounties!

Just before the Nextcloud Conference in Berlin, Nextcloud GmbH has decided to double the security bug bounty, going up to USD 10.000 for a remote execution vulnerability! We will talk more about this tomorrow during the conference, but for now read on for details.

Nextcloud: a secure collaboration platform

Nextcloud lets users access and collaborate on documents, calendars and in video chats in the browser or through mobile apps. Over 200 apps extend Nextcloud functionality with features like playing music and movies, tracking your phone, reading news, mind mapping and more. It is by far the most popular private cloud software, 100% open source, developed by a community and used by millions of home users as well as organizations like Siemens, the German Federal Government and many more. For Nextcloud, security is key: the need for data protection and privacy that drives most of its users to the platform relies on being able to trust the project's effort in keeping data safe. For this reason, Nextcloud runs a security bug bounty program since its inception in 2016 and with great success.

In this blog, Nextcloud GmbH announces we've doubled our security bug bounties in an effort to drive even more scrutiny to our platform and demonstrate our commitment to data protection to our customers.

Nextcloud is the only enterprise file sync & share / content collaboration platform in the on-premises market which has a well maintained security bug bounty program and up to USD 10K bounties. You should ask yourself – is it wise to trust your data to a vendor which doesn’t trust its own product to withstand the scrutiny that comes with such a program?

— Frank Karlitsche, CEO of Nextcloud GmbH

Security bug bounties?

Despite a great security track record and many innovative security hardenings added to Nextcloud over the years the reality is: security is hard, and mistakes are just unavoidable. The largest IT companies with big, well paid and experienced security teams still encounter regular, embarrassing breaches. For this and more reasons, Security Bug Bounties are a 'security best practice' followed by large organizations like Microsoft, Uber, Github, Twitter and Slack.

Shortly after we founded Nextcloud, we announced a security bug bounty program offering a significant monetary reward for reports of security vulnerabilities within Nextcloud.

Does a bounty program replace security work?

Running a security bug bounty program does not replace internal security expertise, rather it augments existing security work.

We can and do make breaching a Nextcloud server as hard as possible for an attacker. We do that first by having a strong process aimed at writing secure code, training our developers to take security in account and reviewing designs in advance and the code itself after it has been written. Second, we secure Nextcloud pro-actively by introducing security hardenings which decrease the likelihood of a successful exploitation. By performing internal testing, we get the confidence required for shipping. And last but not least external testing such as via our bug bounty program as well as regular security audits by various third parties (including customers) gives us another set of hundreds of eyes looking over our code and potentially discovering issues within our software.

And they have found things!

results

We counted our HackerOne activity since we launched the program. After removal of some invalid reports (sometimes things get reported on out-of scope things like our infrastructure), we have these statistics:

  • Total of 222 reports submitted
  • Paid $2750 in bounties
  • 23 reports received a bounty ($120 per report on average)
  • Average response time: 12 hours
  • Average triage time: 1 day
  • Average time to resolution: 1 month

Doubling up

Running a bug bounty program is something you should take seriously to get the most out of it. That means responding quickly – we're proud of our leading response times and response quality on the HackerOne platform, showing our team takes the security issues very serious.

We're also proud to offer some of the highest competitive bounties in the open source software industry, rewarding responsible disclosure with up to $5,000 for qualifying vulnerabilities.

In our announcement today, we pledged to double the amount of $5,000 to up to $10,000, signaling we continue to put our money where our mouth is! There are two reasons why we increased the bounties today.

First, since we announced our program in 2016, the use of Nextcloud has grown explosively. Today, between 200.000 and 300.000 Nextcloud servers provide secure, privacy-respecting file exchange and collaboration services to a massive number of users.

The average size of Nextcloud servers certainly has also gone up. Today, dozens of our customers count their users in the tens or hundreds of thousands, back in 2016 of course this was not the case.

On top of that, these customers now include major governments like the German, French and Dutch, dozens of cities, large corporations like SIEMENS…

With more users comes more risk: a security exploit for Nextcloud has more value today than it did in 2016!

Second, after a few years, much of the lower-hanging fruit has been caught. While the program has been very successful, we'd like to keep it that way, accelerate it even! By increasing the rewards, we hope to attract even more expertise, efforts and thus scrutiny to our platform.

Go catch boogs!

We are grateful to the thousands of people who have scrutinized Nextcloud and the hundreds who've reported issues they found. We hope that, with a doubling of our security bug bounties, we continue to benefit from the massive expertise available on the HackerOne program and in the global white-hat hacker community!

Consistent file system view with Nextcloud and IBM Spectrum Scale

Spectrum Scale logo

At large scale, file storage becomes progressively complicated. A collaboration between Nextcloud and IBM has made the leading large scale file storage and leading content collaboration platform a perfect match for storing, sharing and working with large volumes of data. Visitors of the Nextcloud Conference, September 14 and 15 in Berlin, will be able to learn more about this integration from some of the engineers behind the effort.

Nextcloud

Nextcloud is a flexible, on premise Files Sync and Share and Collaboration platform. Nextcloud was designed to make content easily accessible to all members in an organization, wherever the content resides and however the member needs to access it. It features an easy, consistent user interface with extensive collaboration capabilities on mobile, web and desktop and conforms to the highest security and data protection standards. Nextcloud is highly extensible with apps adding functionality and offers deep integration in infrastructure like user management and storage.

IBM Spectrum Scale

IBM Spectrum Scale is a high-performance file system for managing data with the distinctive ability to perform analytics in place with comprehensive support for data access protocols including POSIX, NFS, SMB, HDFS and S3/Object. It can provide a single namespace for all this data, offering a single point of management with an intuitive graphical user interface. IBM Spectrum Scale offers high scalability, high availability, automated data management and reliability with no single point of failure in large file storage infrastructure.

Nextcloud storage

A Nextcloud installation requires a primary storage and optionally can extend this with external storage. The primary storage is used to hold all the files and metadata of the users like home directories, versions, encryption keys, trash bins and more. Any object storage using the S3 or Swift APIs can be used as primary storage. But most users use some kind of POSIX compatible file system as primary storage. IBM Spectrum Scale is a popular choice due to its reliability and scalability.

Besides the primary storage used for various metadata like thumbnails, a Nextcloud installation typically integrates external storage. Through this external storage, Nextcloud can aggregate all the storage pools in an organization and make them accessible to the users via one familiar, easy to use interface across platforms and locations. External storage can be any storage that is accessible via SMB, NFS, (s)FTP, S3, SWIFT, WebDAV, Sharepoint or various other protocols.

Challenges

To function effectively, Nextcloud needs to be continuously aware of all changes in the external storage such as create, rename, write and delete operations. This is needed to keep the metadata in Nextcloud in sync, to manage file version, activity streams, user notifications, manage efficient syncing to offline clients and more. This is easy if Nextcloud has exclusive access to the storage solution, a requirement for its primary storage. However, with external storage, this is often not the case. Files can be modified by various business processes and tools or by the user through another interface such as SMB or NFS. Still users expect the latest version of each file that are created or modified outside Nextcloud to be available in Nextcloud for immediate access, sharing and syncing. A business application could make files available on a internal FTP drive, for example, or users could modify files through Sharepoint. When files are modified through means other than the Nextcloud interface, an update of the Nextcloud internal metadata is needed. Nextcloud has the ability to scan an external storage for changes, but this introduces delays and introduces scaling limitations. At a large scale, even solutions like inotify or SMB notifications are insufficient due to their technical limitations.

Spectrum Scale Clustered Watch

IBM Spectrum Scale 5.0.3 introduces the Clustered Watch feature to improve the monitoring of activities in a Spectrum Scale file system. By monitoring activities in the file system it is possible to automate responses to file access events. For example, a Spectrum Scale administrator can set up a Watch to log every file CLOSE event into a configurable log file. The log file can then be parsed periodically by an external application to trigger further processing of the file.

Spectrum Scale Clustered Watch is designed to emulate Linux inotify, but it has some significant advantages to simplify the response to events. IBM Spectrum Scale is a distributed file system that can be mounted on many cluster nodes. Spectrum Scale Clustered Watch gathers the Watch events from all nodes and makes them available at one consolidated place. Furthermore, in contrast to Linux inotify a Spectrum Scale Watch on a directory monitors the activities not only in that directory and but also in all its subdirectories.

The integration solution

IBM, Nextcloud and the University of Augsburg worked on an integration to improve the performance and scalability of IBM Spectrum Scale as external storage for Nextcloud. In late 2018 and early 2019 a proof of concept integration was developed. This proof of concept uses Spectrum Scale Clustered Watch to track all changes in the file system and notify Nextcloud. The result is that the file structure view in Nextcloud is within less than a second in sync with the state of the file system, even on very large external storage deployments. The integrated solution is designed to be very scalable and will work in a setup with a large number of Nextcloud application servers and large Spectrum Scale file systems.

Technical implementation

The integration solution can run on one or more Nextcloud application servers and is designed to use Redis. Redis is used in Nextcloud for caching and file locking handling. It is a well tested solution which scales with Nextcloud use, allowing for clustered deployments.

The integration tool receives Spectrum Scale Watch events every time a file is changed in the Spectrum Scale file system. The tool then uses a queue in the Redis database to notify Nextcloud of the change. A background service in Nextcloud consumes this queue, scanning the files and updating the Nextcloud index with the changes. This Nextcloud background service can run in parallel on several application servers and the load can be distributed over multiple Redis server to ensure high performance and full scalability.

Availability

This solution is available for mutual customers today but requires at least Spectrum Scale 5.0.3 and Nextcloud 17. Contact Nextcloud for a deployment or proof of concept.

At the Nextcloud Conference, September 14 and 15 2019 in Berlin, IBM Spectrum Scale specialist Ulf Troppens and Nextcloud file systems engineer Robin Appelman will discuss the integration.

Summary

IBM Spectrum Scale and Nextcloud provide a reliable, scalable and performant solution for highly secure data storage that is suitable for modern organizations and their needs for efficient team collaboration. The flexible design of both solutions enabled the development of a efficient integration technology, improving the scalability and responsiveness of the solution. All files are accessible directly via the Spectrum Scale file system or via Nextcloud without compromises in performance and user experience.

Please contact IBM or Nextcloud for more information.

RSS-Bridge 2019-09-12

General changes

  • Respect passed headers for file_get_contents() (#1234)
  • Fix double XML encoding on Atom feed title (#1247)

New bridges

Modified bridges

  • AutoJMBridge

    • Adapt to changes (#1255)
  • DanbooruBridge

    • Decode href of HTML element to avoid double escaping (#1262)
  • DailymotionBridge

    • Use API for playlist and user account feeds (#1217)
  • DealabsBridge

    • Follow website change (#1256)
  • FacebookBridge

    • Remove relative date from content (#1212)
    • Prevent sending empty header (#1239)
  • GQMagazineBridge

    • Adapt to changes (#1281)
  • HaveIBeenPwnedBridge

    • Add item limit parameter (#1219)
  • HentaiHavenBridge

  • InstagramBridge

    • Attempt to fix the queries in order to bypass rate limiting (ccef6b9)
    • Fix Instagram stories and user id finding (48ebed7)
    • Remove condition that forces cache ignoring (7aba799)
  • InternetArchiveBridge

    • Fix malformed URLs (#1222)
  • LeBonCoinBridge

    • Submit user agent to LBC to get results (a86a945)
  • NovelUpdatesBridge

  • PikabuBridge

    • Added filtering by user (#1266)
  • Rule34pahealBridge

    • Fix thumbnail uri (#1278)
  • ThePirateBayBridge

    • Switch back TLD to .org (2b4a030)
    • URI fix, add magnet link (8bff63d)
    • Fix PHPCS code violations (38960df)
  • TwitterBridge

    • Get cookies before sending request (#1232)
    • Enable cookies with curl (#1245)
  • UnsplashBridge

Removed bridges

No bridges were removed in this release

Nextcloud conference 2019: Renata Avila

Meet Renata

Executive Director, Smart Citizenship Foundation

Renata Avila, (Guatemalan), is an international Human Rights lawyer, specializing in the next wave of technological challenges to preserve and advance our rights, and better understand the politics of data and their implications on trade, democracy and society. She is currently writing a book on digital colonialism and designing international policies and prototyping technology for a democratic future. She is a Board member for Creative Commons and co-convener of the Progressive International. She also serves as a Board Member of the Common Action Forum and a Global Trustee of the Think Tank Digital Future Society. She is a member of the WEF’s Global Future Council on Human Rights and Technology and a Steering Committee Member of the Information Society Advisory Council (CSISAC) for the OECD.

Presentation

Renata will be our keynote speaker at Nextcloud conference 2019!

Converging crisis: an opportunity to advance our rights and save our planet

Sunday – September 15 – 10:00

Check out the schedule for both days of the conference!

Have you got your ticket? What are you waiting for? Register now! Or shoot us an email to events@nextcloud.com for a free contributor ticket! Remember that no contribution is too small to ask.

How it all started

Renata did her Master of Laws in Italy, focused on Intellectual Property and Technology over a decade and a half ago. There she discovered the importance of digital rights for human rights, such as the right to know, the right to privacy, access to knowledge, freedom of expression… and she also entered the World of Free Culture and Free Software movements.
“As a human rights activist, it was easy to reconcile struggles.”

Fighting for a better internet

“It means fighting for an Internet, as Francesca Bria says, that is rights preserving and human-centric. It means fighting for democracy and human rights, but also fighting to solve with it the current climate crisis. It is negligent to isolate our struggles. When people talk about a Green New Deal, in my view it has a Green New Internet as part of it.”

Current and future projects

Renata is working with her team in Rio, Brazil and Santiago, Chile offices on three big projects to take back the power of technology to the people.
“We are working to tackle gender inequality in algorithms, with policies and tech pilots, we are educating citizens and, especially, cities about digital rights and their duties, we will be training over hundred mayors from Latin America next two years, and we are launching a Latin American alliance to increase awareness on the power of digital whistleblowing, but also anonymity and encryption. While the topic is old here, in Latin America is just taking off and it is crucial.”

Check Renata Avila’s presentation at the Nextcloud Conference and register now!

Contributors, app developers and all people who want to attend the conference but can’t afford to buy a ticket can shoot us an email to events@nextcloud.com and get a ticket free of charge.

See you in Berlin!

 

Nextcloud conference 2019: Laura Gaetano

Photo by Zoë Noble

Meet Laura

Laura is a designer and developer and the former organizer of Rails Girls Summer of Code — a 3-
month scholarship program to support women in the Open Source community. With a
background in the visual arts and a non-traditional career path, she landed in tech as a web
developer somewhat by accident. Laura is passionate about Taekwondo, making things, open
source software, feminism, music and space (as in rockets).

Presentation

Laura will be at  Nextcloud conference 2019!

Panel: Making Open Source more diverse

September 15 – Sunday – 12:00

Check out the schedule for both days of the conference!

Have you got your ticket? What are you waiting for? Register now! Or shoot us an email to events@nextcloud.com for a free contributor ticket! Remember that no contribution is too small to ask.

How it all started

Laura attended a Rails Girls event in Vienna in 2013. Rails Girls is a distributed initiative around the world to support women in making their first steps in programming learning the Ruby programming language. Even though she had built websites before (using html&css) and wanted to become a “web designer” when she was in high school, this was her first experience using Ruby and, most importantly, finding a local community of people who were as excited about building things as she were. Laura was interested in giving back, so she became a coach at other Rails Girls events around Europe (Brussels, The Hague, Milan to name a few) and volunteered for Rails Girls Summer of Code next to her programming job.

“One thing led to another and a couple of years later I found myself leading the RGSoC program. Along with this position came the responsibility to educate myself on diversity and inclusion and forced me to be more aware of issues beyond gender diversity. It was a great (and uncomfortable) experience for me because I got to lead a team of awesome volunteers and was learning something new at the same time.”

Fighting for a better internet

Because of Laura’s experience and background, fighting for a better internet to her primarily means to think about inclusion: How do we build communities that are healthy and supportive, where people from marginalized groups feel accepted? How do we educate developers, managers, and people in leadership positions to think about accessibility first rather than making it a “nice to have”? How do we create a sustainable system to support the open source projects we are all dependent on in our day-to-day work?


“These are super difficult questions because in some cases it means completely rethinking the
systems and communities we are a part of and evaluating whether they really work; it also means
that we need to make space for people to speak and amplify the voices of marginalized folks.”

Current projects


“I’m currently taking a bit of a break to redirect my career away from management into design. I
hope to spend the next few months finishing the #DailyUI challenge — a 100-day design challenge which I started back in October and paused in mid-February”

Laura will be posting the #DailyUI work on this twitter thread.

There’s a few things Laura wants to start doing more of: writing, working on open source, collaborating with people; but she is not really sure what’s coming next, so our best bet is to follow her on Medium and twitter to stay up-to-date.

Check Laura Gaetano’s talk at the Nextcloud Conference and register now!

Contributors, app developers and all people who want to attend the conference but can’t afford to buy a ticket can shoot us an email to events@nextcloud.com and get a ticket free of charge.

See you in Berlin!

The schedule for Nextcloud conference 2019 is here!

What’s expecting you on September 14-15 at the Nextcloud conference 2019 ? A relaxed atmosphere and a schedule featuring 2 keynotes, talks, lightning talks, technical talks, workshops, a booth area and a party!

Check out the full program for the weekend and come and join us!
Learn more about Nextcloud or find out how to start contributing if you are a beginner, discover what’s new in Nextcloud if you’re a fan and share your thoughts & opinions with others on the values that matter to us: open source and free software, self hosting, privacy, decentralization.

If you’re up for intensive coding sessions, our hackweek will take place the week after the conference. You are welcome to join!

Have you got your ticket? What are you waiting for? Register now! Or shoot us an email to events@nextcloud.com for a free contributor ticket! Remember that no contribution is too small to ask.

SATURDAY PROGRAM – SEPTEMBER 14

Time Talk
10:00 – 11:00 Opening Keynote, Frank Karlitschek, Nextcloud
11.00 – 11.30  Mythbusting Documentation, Markus Feilner, Heise
11.30 – 12.30 Panel: Public Money, Public Code!
12:30 – 14:00 Lunch
14:00 – 14:30 Our Not-So-Secret Future, Jillian York, EFF
14:30 – 15:30 Lightning talks
  1. Collaborative editing with Nextcloud Text
  2. Next steps for the Android Client
  3. YunoHost & Nextcloud, the selfhosted cloud for a better privacy
  4. GSoC 2019: Expanding NextCloudPi
  5. Introducing Nextcloud to NGOs – is it all technical?
  6. Who needs money? – Cash for FOSS
  7. Why the Opensource Center by Atos is developping a business model around Nextcloud ?
  8. The importance of polishing list in Open Source
  9. Spectrum Scale usecases
  10. DICOM viewer – Medical Imaging in. Nextcloud
  11. OnlyOffice
15:30 – 16:00 Building Workflows
16:00 – 16:30 Break
16:30 – 17:30 How to start contributing to Nextcloud
17:30 – 18:30 Learn how to develop a Nextcloud app

SUNDAY PROGRAM – SEPTEMBER 15

 

Time Subject
10:00 – 11:00 Keynote, Renata Avila
11:00 – 11:30 Who owns the robots? Why open hardware matters for development, Geraldine de Bastion, Konnektiv
11:30 – 12:00 Stand up and act!, Thomas Lohninger, Netzpolitik
12:00 – 13:00 Panel: Making Open Source more diverse
13:00 – 14:30 Lunch
14:30 – 15:30 Lightning talks
  1. Solid/Inrupt
  2. 🐙 The left-handed oil test
  3. The Investigative Cloud
  4.  How to make your Nextcloud storage quantum safe
  5. Integrating Nextcloud to an end-to-end encrypted communication platform
  6. Nextcloud and Univention: introduction and real usecases
  7. Installing Nextcloud on your router
  8. Backing up your router to your Nextcloud
  9. A privacy-friendly Android backup solution over WebDAV/Nextcloud (proof of concept)
  10. Digging deep – A short overview on debugging Nextcloud and apps
  11. Managing LDAP from Nextcloud
15:30 – 16:00 Break
16:00 – 17:30 Bring your Nextcloud app to Vue.js
17:30 – 19:00 Africa Hack Trip movie

 

Register now!

Nextcloud and Collabora scale real-time collaboration to hundreds of millions of users

We’re happy to announce the result of a collaborative effort to make Collabora Online available to customers with tens of millions of users through our innovative Nextcloud Global Scale architecture. The technological advancements also benefit distributed, federated private clouds, enabling cross-cloud collaboration between separate Nextcloud servers that have files shared between them.

Global Scale has been in production since 2017 in a commercial setup for tens of millions of users across 4 continents. Several other customers have deployed or began experimenting with Global Scale in the last years. Thanks to the new integration, Collabora Online installations at multi-million user scale are now set to roll out.

Our mission at RENATER is enabling seamless collaboration between over a thousand research and education institutions in France in order to protect the security and confidentiality of data. We study and experiment deeply Nextcloud Global Scale for its highly scalability capacities and its reliability that fit the needs of our project.

– Alexandre Salvat, Drive Project Manager – Pôle Projets Transverses et Innovation (P2TI) – RENATER

Global Scale for the largest installations

How a Global Scale architecture looks
As a mature and real world tested solution, Nextcloud Global Scale offers Nextcloud customers a way out of traditional, costly scalability limitations like data center uplinks, load balancers and database, storage and cache. Global Scale enables virtually limitless scalability of Nextcloud deployments at high cost efficiency by transparently distributing users across multiple nodes. This takes away the need for a central database, storage and cache solution, enabling individual nodes to take advantage of inexpensive commodity hardware to save costs and increase flexibility. Single production nodes have already shown to scale to 250.000 users as part of a larger Global Scale setup. Even the limitations of a single data center in terms of capacity and up-link do not limit the size of a Global Scale deployment, as nodes can be in any location. This also allows installations to improve performance by moving data closer to the physical location of users or enforce strict data locality rules to comply with legal or security requirements.

As the market demands every deeper integration of content collaboration technology, partnering with a leading document collaboration provider like Collabora Productivity is the best way to deliver our customers the solution they need. Globally active, demanding enterprises require excellent, real-world tested and truly scalable solutions only our partnership offers.

– Frank Karlitschek, CEO of Nextcloud GmbH

Collabora Online integration

Within a Global Scale architecture, enhancements to Collabora allow users from different nodes to transparently collaborate in a single document editing session. This means a combined Nextcloud Global Scale + Collabora instance can deliver real-time document editing at a truly global scale, with users collaborating across data centers, countries and continents.

As Collabora proceeds to deliver its document editing solutions to exceedingly large enterprises, we are excited to collaborate with a proven scalability leader like Nextcloud. This is vital to meet the needs of big organizations. Large scale deployments require reliable service combined with the excellent user experience our partnership provides.

– Michael Meeks, General Manager at Collabora Productivity.

For home users

Private users and smaller installations also benefit from the improvements to Nextcloud Global Scale and Collabora Online, gaining the ability to collaborate on documents they have shared between their private clouds. This federation feature, invented by Nextcloud team members and standardized under the Open Cloud Mesh OCS standard, lets users share files between different servers as easy as sending an email. With the latest version of the Collabora Online Nextcloud integration app, users will be able to work directly with others on files that are shared between Nextcloud instances.

Several customers are expected to roll out Collabora Online in a Global Scale context, supported by Nextcloud and Collabora. For more information about a Global Scale deployment, contact Nextcloud GmbH.

Nextcloud conference 2019: Thomas Lohninger

Meet Thomas

Thomas Lohninger is Executive Director of the digital rights NGO epicenter.works in Vienna, Austria. He is Senior Fellow of the Mozilla Foundation working on Net Neutrality in the European Union. The Center of Internet and Society of the Stanford Law School holds him as a non-residential Fellow. He worked in Brussels on the European Net Neutrality regulation as Policy Advisor for European Digital Rights and is on the board of EDRi since 2019. His background is in IT and Cultural- and Social Anthropology.

Presentation

Thomas will be speaking at the Nextcloud conference 2019!

September 15 – Sunday – 11:30

Stand up and act!

How FOSS can save the day in EU digital rights

How it all started

Thomas has always felt a passion for technology and using new media to empower people in democratic decisions. His first campaign was against data retention and ACTA.
It all started as a hobby, but after a few years, in 2014, this passion became a job.

Digital rights and a better internet

The important decisions on how empowered we are when using technology, Thomas believes are made in our generation. His doubt is, if these decisions are made democratically or as part of the business decisions of global cooperations. This is why he is involved in digital rights.

“Without a free and open internet that allows for decentralized, self determined flows of information, we will lack the capacity to tackle the other global problems, like climate change.”

Projects

Now we are letting Thomas speak about his current and near-future projects, himself.


“We are in the middle of a net neutrality reform in Europe where the telecom industry is using the upcoming mobile network standard 5G as a bullet to shoot loopholes in the regulation that protects half a billion people to impart information without gatekeepers.
In the courts we are still litigating against the data retention of our travel movements, the so called PNR directive. The goal is to kill this EU surveillance law, like we killed the EU data retention directive in 2014. We run a scientific project to evaluate all surveillance laws in Austria, called Handbook on the Evaluation of Anti-Terrorism Laws (HEAT). We have set our eyes on the last big battle in Europe that will soon hit home.
As some will remember, we lost the battle against the copyright holders about upload filters / Article 13. Until June 2021 this directive has been implemented and we will help with this political process in a few EU countries that don’t have strong domestic digital rights NGOs.
Part of our upcoming work stream is also the work on the so called “Digital Service Act”. This piece of EU legislation will govern when an online platform becomes liable for the content that their users generate and how they should or shouldn’t moderate speech. I expect this to be a bigger lobby battle than the GDPR and the copyright directive combined, because so many different stakeholder interests will clash against each other. We will soon put forward how a fundamental rights friendly proposal could look like to contribute to the debate early on before the legislation is released around 2020.”

Check Thomas Lohininger’s talk at the Nextcloud Conference and grab your ticket here.

Contributors, app developers and all people who want to attend the conference but can’t afford to buy a ticket can shoot us an email to events@nextcloud.com and get a ticket free of charge.

See you in Berlin!

Nextcloud conference: Markus Feilner

Meet Markus

Markus Feilner is a Linux specialist from Regensburg, Germany. His Linux roots date back to 1994, and since 1999 he has been running his own Open-Source-business as a consultant, trainer, author, presenter and host. Today, Markus is working as managing/senior editor at Heise iX, Hannover.

Presentation

Mythbusting Documentation – Saturday – September 14 – 11:30

“Sales and marketing people know they cannot sell products without
documentation, but developers and managers often have a different view. The
most common misconceptions about documentation are phrases like “everybody can
write” or “documentation isn’t technical”, “no one reads it anyhow” and “good
software doesn’t need documentation”.
This talk also has a short look on “Agile Documentation” and what a perfect
documentation writer should look like. And why the developer is the best
equipped but least wanted “documentarian”. Trust me, I know what I talk about,
I’ve managed documentation at SUSE for the last five years.”

How it all started

Since school times Markus has been interested in politics and his earliest engagement, a short time with Robin Wood, dates before the internet, in the early nineties.

During his university studies of geography he got accustomed with
Linux and the Open Source philosophy. This is what helped him get involved or
interested in larger, long-term planning and solutions and gave him a more
systematic approach to society or even planetary problems.
“I guess that’s how it started, open source is known to spark contribution(s) and thought.”

Fighting for a better internet

I would like to see a basic human right to live an ad-free life and
surveillance being punished much harder.

Markus believes that things break when corporate interest and advertisement break into new systems. To him, “A better internet” would be something like the 21st century tech, back to what the internet meant in the nineties.
“For the conservative right-wing politicians, the internet seems to be a lawless zone, where they don’t have to bother about constitutional rights and privacy. If we build a new one, which I am convinced we will, the next gen internet aka plaNet will be like that. Well, at least if we manage to save our planet first.”

Current projects

Extinction Rebellion
“Act Now We are unprepared for the danger our future holds. We face floods, wildfires,
extreme weather, crop failure, mass displacement and the breakdown of society.
The time for denial is over. It is time to act.


Conventional approaches of voting, lobbying, petitions and protest have failed
because powerful political and economic interests prevent change. Our strategy
is therefore one of non-violent, disruptive civil disobedience – a rebellion.
Historical evidence shows that we need the involvement of 3.5% of the
population to succeed – in the UK that’s about 2 million people.”

ActivityPub
“Don’t you miss the days when the web really was the world’s greatest
decentralized network? Before everything got locked down into a handful of
walled gardens? So do we.”

Check Markus Feilner’s talk at the Nextcloud Conference and grab your ticket here.

Contributors, app developers and all people who want to attend the conference but can’t afford to buy a ticket can shoot us an email to events@nextcloud.com and get a ticket free of charge.

See you in Berlin!

Prototype Fund: secure funding for your Open Source project!


Do you have a great idea for an open source project but no time to build it on your free time? Always wanted to build a Nextcloud app but don’t know how to get funding to get started? The Prototype Fund is calling for applications, giving you the possibility to raise up to 47.500 Euro, and (finally) focus on building your open source project for 6 months.

Engineering Trust!

In the growing complexity of our society, trust is in limited supply. You have to trust what you eat, where you get your news and how your data is kept secure. For their 7th round of funding, the Prototype Fund is looking to support projects designing innovative solutions that provide transparency, security and consumer protection.

The focus “Engineering Trust” covers a whole range of projects (examples here) that can be relevant to Nextcloud and its ecosystem. Think journalism, social media, communication, security, transparency, accountability. Think trust between people, between them and their devices, citizens and institutions, corporations, and more. The need for trust is everywhere, and there are many ways to improve it.

Do you have a project that doesn’t fit the main focus for this round? Don’t hesitate to apply anyway: The Prototype Fund is always looking to fund great open source projects, even if they are not related to the main focus of the round of funding.

Pushing digital social innovation

The Prototype Fund aims to support individuals and small teams in building innovative open source solutions around the topics of civic tech, data literacy, security and software infrastructure. Any projects that fit these criteria are welcome, whether they are related to the main topic of the round or not, as long as they are open source and innovative. You can apply for the current round of funding until September 30th on prototypefund.de.

The Prototype Fund will fund a developer or a small team for half a year. As the project is funded by the German Ministry for Education and Research, in order to be eligible for funding, at least one member of the team needs to live in Germany (citizenship doesn’t matter!).

Want to know more? The Prototype Fund team will present their project and tell you more about how to get funding for your open source project at the Nextcloud Conference, so come ask questions there!

<
Some apps

Build on Nextcloud

Being the most popular self-hosted application platform, Nextcloud is great to build a new solution on. The most downloaded apps on our store are installed on over 100.000 servers and have millions of users, providing a big impact for a new app or idea!

Nextcloud is also relatively easy to develop for, with extensive documentation and hundreds of existing apps to look at and get inspiration from. As is extremely scalable and can run on anything from a Raspberry Pi to a large cluster with millions of users, there are no limits to who can benefit from the result of your work.

So do you have an idea on how to detect and block the spread of misinformation on decentralized social networks? Found a way to security prove identities and distribute those proofs? Ideas about how citizens could monitor their government and how they could pool resources and analyze knowledge obtained that way?

Build it on Nextcloud! Of course, the Nextcloud Conference is a great place to start learning how to write Nextcloud apps!

You can find out about the Prototype Fund round 7 here and get started with Nextcloud development here.

Updates on the Nextcloud app contest

Is this the first time you hear about the Nextcloud app contest? Learn more!

New deadline: publish your app until September 1st

We’ve noticed that many recent apps that got a certificate for publishing are not in the app store yet. Please, make sure your app is in the app store on the 1st of September so it is part of the contest!!!

Check our new developer page or let us know if you need anything to make that happen! And please keep in mind: an app doesn’t have to be perfect to be in the app store! The idea matters. With help from the wider community, you’ll be able to improve it after its first release. This is open source: release early, release often!

You might be one of the top contenders 💝💝💝

Did we miss your app? Let us know!

Here is a list of new apps we could find that have been published in the app store after July 17, the day when the contest was announced.
If you have published your app around then or even after August 29 and we missed it, let us know. Email us so we can include it in the contest!

picture of apps from the store
Apps apps apps!

Published apps we found:

And again: publish your app in the appstore before September 1st even if it is not perfect yet! We know you have the certificate 😉

Join us in the Nextcloud conference

Have you marked the dates? The Nextcloud conference takes place on September 14-15 in Berlin. All app developers get a free ticket for the event. Shoot us an email and we will provide you with a free ticket 🙂

Nextcloud conference 2019: Geraldine de Bastion

Meet Geraldine

Geraldine de Bastion is a bilingual (en/de) political scientist with an intercultural background and experience working with activists, governments, startups and NGOs across the word. Her work focuses on digital transformation and international cooperation, innovation, and human rights. She will be rocking the Nextcloud Conference this year with a talk about usecases in healthcare for Open Hardware!

She founded the consultancy firm Konnektiv in 2013. Konnektiv advises various organizations including the City of Berlin and the German Federal Ministry for Economic Cooperation and Development on digital transformation.

In 2018 she authored and moderated the Arte documentary “Digital Africa” which captures many of the innovators active in the GIG network.
Since 2012, she has been part of the curatorial team for the re:publica, Europe’s largest conference on the topic of the Internet and society, and regularly organizes and curates events in the field of politics and digitization.
In 2018 she organized the first re:publica in Accra, Ghana with over 2000 participants and over 260 speakers from across Africa.

Projects to highlight

Current

Geraldine is also the founder of the Global Innovation Gathering (GIG), a network of grassroots innovators, social entrepreneurs, founders, and managers of makerspaces, hackerspaces, and innovation hubs, shaping digital communities for social and sustainable innovation around the world.

Upcoming

Impact Summit DOTS

Soon to be launched

Open health device plattform

Presentation

We will make the schedule and the following info available soon.

Tittle – Time – Day – Description

How it all started

When she had just started university, Geraldine founded her first NGO and started organizing peer to peer digital media trainings for youths. The internet was young and innocent when she co-built a platform for young people to network and publish school or youth magazines, way before blogs or other platforms were “shaped”.

“ Everything was super exploratory and experimental at the time. We soon began thinking about how to translate activism to the online space. With the first efforts to regulate the digital forms of activism and civil disobedience came the interest in internet regulation and digital rights and I have been active in the field ever since.”

Fighting for a better internet

“Resources crucial to the development of humanity should be open and accessible for all, including access to internet and the resources it provides as well as how ownership and use of data is managed in societies.”

Geraldine believes that fighting for a better internet means fighting for access, openness and transparency. It is supporting decentralized, independent structures, grassroots innovation and the idea of a globally connected society that is not steered or owned by monopolistic corporates but collective and diverse.

Check Geraldine’s talk at the Nextcloud Conference and grab your ticket here.

Contributors, app developers and all people who want to attend the conference but can’t afford to buy a ticket can shoot us an email to events@nextcloud.com and get a ticket free of charge.

See you in Berlin!

Nextcloud Talk offering secure corporate messaging for SCM LIMITED

SCM logo

JSC System Capital Management Ltd or SCM (wikipedia) is a holding company that manages tens of billions in industrial holdings and production assets that are SCM Holdings’ investee companies. When looking for a simple, secure and well designed messenger platform that could be hosted on-premises, a decision was made for Nextcloud. A Professional Services project from Nextcloud GmbH provided several features SCM required and today, the legal, human resource, financial and PR experts of SCM can easily communicate and collaborate during their business trips.

We spoke with Andriy Sofinskiy, manager of the Department for Digital Technologies and Information Security at SCM. He, and his manager, Department Director Fedir Korobeynikov, are big believers in the open source model.

“Just like the Department Director Fedir Korobeynikov, I support open-source solutions and believe they are a more secure and effective solution for the business community. Our company, as a customer and everyone who uses this product can benefit from our contribution to the open source code of this product, just like we benefit from contributions from other enterprises.”

Fedir and Andriy

SCM LIMITED as global player

The biggest industrial holdings operated by SCM LIMITED include Metinvest, DTEK, FUIB, Media Group Ukraine, Lemtrans, and others. Most businesses run by SCM LIMITED ­are based in Ukraine. However, their portfolio also includes production assets operating in Europe and North America including Italy, the UK, Switzerland, Bulgaria and the United States. Overall, about 200,000 people work at the industrial holdings and production assets operated by SCM LIMITED.

Need for a secure collaboration platform

We needed a simple, secure and universal messenger with a great design

The IT and Information Security department of SCM has made a strategic decision to deploy open source solutions. Andriy notes that open source solutions are “protected and supported better, grow faster and are updated more often. Open source code allows audits and identifying software bugs and information security vulnerabilities.”

Files uploaded

SCM employs a large number of experts in finance, legal matters an human resources as well as IT and public relations to support and expand its holdings. Frequent travel and remote work are crucial for the productivity of the teams.

Andriy: “Our employees go on business trips in Ukraine and abroad. These trips help them deal with their current tasks as they participate in industry-specific conferences and exchange professional experience. We provide our employees with corporate smartphones and laptops.”

The IT department identified a need for “a simple, secure and universal messenger with a great design.” Andriy: “Our team requires fast and effective communication via a secure corporate messenger as we exchange information, files, voice and text messages. Also, the public conversation function helps us engage our external partners in conferences or correspondence as well as keep history and files on our corporate secure servers.”

In Nextcloud Talk, the team has found “a good design with a responsive interface, the ability to send files from personal cloud to chat as well as thousands of positive reviews that give us confidence that we have a product which fully meets our expectations.”

Andriy notes that “Nextcloud has a big community, and more than 500 individuals and organizations participate in its development.” The large and active development community played an important role in the decision to choose Nextcloud over other solutions.

Expanding functionality

During the testing of Nextcloud Talk, SCM team members identified a feature they considered would improve productivity noticeably.

key requirement was an independent open-source platform with an on-premise server

Andriy: “Going by experience of our department, we can say that sending attached documents by email is not the most efficient way to communicate and is not the best way to store documents. Thus, we decided to replace this part of function with Talk because it is messengers that help quickly resolve issues or agree about a call if needed. It is really worthwhile to sharing a working paper that is stored in a secure corporate cloud with your colleagues and receive feedback immediately.”

picture of a phone with Nc Talk

SCM decided to work with Nextcloud to improve Talk, to give it the ability to easily share files between participants in a conversation. Moreover, when users tap to view this file, the Nextcloud app or Nextcloud web interface should open and show them the file. This provides an integrated solution for communication and collaboration. Andriy explains how the end result works for SCM: “Our employees can exchange instant messages including files stored on our secure Nextcloud server. Also, they can solve operational issues using encrypted audio and video conferences and be aware of any important document changes via a mobile phone with Talk application or any popular browser. This is a big advantage from a cross-platform perspective.

It is very important for our company to transfer files and documents at any time and from any place, even when the access to corporate mail or internet is limited. Our employees need this function for sharing and accessing files on their mobile phones and thus, they install Talk messenger. The files are cached in the Nextcloud mobile application, which is very convenient.”

The implementation satisfied the needs of the team and resulted in happy users. “We’d like to express our sincere gratitude and respect for the quality and timely work that was done under the SCM/Nextcloud project. We appreciate it that our investments will help ensure the development of Nextcloud and its community, in particular Talk as a means of communication, transfer and share files in a secure corporate environment.”

Given the positive experience, there might be future work done together. “This is the first time we’ve cooperated with Nextcloud and we look forward to a deeper partnership in the future. For example, we’d like to have an opportunity to manage chats and messages in Talk such as deleting and editing messages, temporary messages, hidden chats, etc.”

❌