One of the things that make Nextcloud awesome is our awesome community! The community helps us turn Nextcloud into something better than before and better than anything else!
We appreciate all the work and effort that the community contributes back to the project, by solving issues, reporting them, translating Nextcloud in other languages, promoting it or helping out other users on the forums.
While contributors give a part of their time to make Nextcloud nicer, we try to make it easier for anyone to get involved and the Android team has been working on that.
Are you using the Nextcloud Android client? If so, this improvement is for you: super easy testing of improvements by making a special build of the Android app for each change.
This means that you can be the one to test an improvement you requested to confirm it is solved correctly. Or even test other fixes if you would like to. A direct download for every PR has been implemented, so anyone can test the APK that includes the fix in parallel to the production version you are using.
If you are an Android user and while using Nextcloud on your mobile phone you encounter an issue with the app, first you have to create a bug report on GitHub. It is recommended that you first search for that problem in the “issues” section, as somebody else might have already reported it. In case you don’t find it there, continue with reporting a new one.
Then, when the Android team works on it and fixes it, they will ask you to test it. All you have to do is download the APK file we will provide you with, and you will be able to install the version of Nextcloud that includes the fix, testing it in parallel to the production version. Check if the issue is solved and let the team know about the result by commenting on that issue on GitHub.
If it worked, you can delete the testing version and we will include the fix on the next release so you or everybody can get the updates from the app store.
Another way to get involved in testing the Android client is the Nextcloud Dev app, which you can download on F-Droid alongside the official Nextcloud app. The Dev version checks once a day if the source code was updated and gets the changes from there, making all new features available for testing before the official release. This way, you can check if new fixes of the app work properly and also test new features before they are released as part of the official app.
This is a super easy way to get involved in Android client testing. Check here for more ways you can get involved and become part of the awesome Nextcloud community!
With more than eight million customer contracts, IONOS is the leading European provider of cloud infrastructure, cloud services and hosting services. IONOS is Europe’s largest cloud and hosting provider and number two in the world! Nextcloud has teamed up with IONOS to offer users increased digital sovereignty: control over their data.
“Data sovereignty is an essential requirement for many customers when using cloud services to protect trade secrets. This applies to customers from the public sector as well as the private sector,” explains Frank Karlitschek, CEO of Nextcloud. Achim Weiß, CEO of IONOS, adds: “As German providers, IONOS and Nextcloud guarantee their users the sovereignty over their data – we rule out access by third parties as permitted by the US CLOUD Act. Our cooperation therefore gives Nextcloud customers the legal security they need”.
Nextcloud customers can use their data and applications on the IONOS infrastructure, allowing them to customize and add additional functionality under full control.
Both IONOS and Nextcloud are headquartered in Germany and are therefore subject to German legislation alone. Users therefore receive maximum protection against access based on the US CLOUD Act.
In addition, the two companies rely on open source and thus differ from the major US providers. “The consistent use of open standards ensures transparency. Anyone can view the code at any time, check it for security gaps and change it if necessary. Moreover, only on an open source basis is it easy to link data and applications with other systems,” emphasizes Achim Weiß.
In the coming months, the two companies want to further deepen their partnership and promote greater data sovereignty awareness. “Many companies and government agencies are putting much of their data in the hands of cloud providers from the USA. Nextcloud and IONOS want to work together to raise awareness of the fact that sensitive data in particular is better off with European providers,” says Achim Weiß.
Further information is available at: ionos.de/enterprise-cloud/nextcloud
New generation of leading content collaboration platform integrates office document editing and collaboration apps, introduces workflows, rich work spaces, file locking and more
During a keynote presentation in Berlin, Nextcloud CEO Frank Karlitschek announced the availability of a new product from Nextcloud. Nextcloud Hub is the first completely integrated on-premises content collaboration platform on the market, ready for a new generation of users who expect seamless online collaboration capabilities out of the box.
Nextcloud Hub 18 brings the following improvements to millions of Nextcloud users:
Watch these videos for an overview of what Nextcloud Hub can do for you!
Nextcloud Hub offers the most advanced on-premises collaboration platform complete with audio/video chat, real-time collaborative document editing, mail, calendar and contact management. Get started now!
Nextcloud 17 users can just upgrade as usual to 18, and we encourage you to install the new and improved apps like Talk, Calendar, Mail, ONLYOFFICE and more. You will get notified of this recommendation on upgrade! As usual, upgrades only start to roll out after we’ve waited for initial feedback on the release, and roll-out is incremental so it can take a while until it is your turn. You can always update immediately by changing to the beta release channel, which serves 18.0.0 right now, and move back after the update!
When logging into Nextcloud you are immediately greeted by Workspaces. With Workspaces you can bring context to your folders, adding notes and even todo lists and links to files on top. This is great to coordinate with your team, making sure everyone knows what a particular folder is for. The best part: Workspaces are also available on mobile!
Nextcloud Files also introduces a new, more responsive sidebar with a number of improvements. It shows other users who have access to a file, even if it is nested deep in a shared folder, and proposes a secure password you can use for a password protected share.
Accepting incoming shares is now possible, and in the sharing settings you can choose to transfer ownership of a folder to another user.
Last but not least, Nextcloud Files introduces file locking, to prevent conflicts with colleagues who are trying to edit the same files as you do. Of course with the office documents and text files in which you take notes, you can conveniently edit with others in real time, but sometimes you have to download a file to make local changes and upload it again. Simply choose ‘lock file’ in the 3-dot menu and the file will be locked until you unlock it. You can see who locked other files, and of course ping them on Talk or in the comments if you want to know why!
Flow makes it easy to automate repetitive, boring tasks. For example, let’s say you are a sales person and send quotes as PDF. You set up a flow that turns documents into a PDF when you add a tag, say ‘to-pdf’. Or, say you want to put a message in your teams’ chat room when a partner uploads files in a specific folder.
Apps can include flow elements like triggers or actions, and separate flow apps can be built. If you’re interested in building for flow, check https://nextcloud.com/developer for documentation!
The first third party app that has flow integration is the Data Analytics app by developer Marcel ‘Rello’ Scherello. This application is designed to turn data into reports, tracking and analyzing data which can be imported through an API. Data Analytics provides modular datasources, a realtime or storage backend and flexible visualization. Its flow integration allows it to monitor files for updates or act on other events on Nextcloud.
A video of Data analytics in action:
The wiki page about Data Analytics and Flow:
Editing office documents is a basic feature users expect from an online collaboration solution. Nextcloud is proud to be the first on-premises content collaboration platform to feature out-of-the-box, Microsoft Office compatible document editing through ONLYOFFICE.
With its latest release also comes improved integration, with our sidebar available so you can easily share, comment or look at older versions of the document you are working on.
ONLYOFFICE’s community edition is installed by default on a new Nextcloud installation. For users who already run Nextcloud, installing it requires just one click – like all Nextcloud apps! No need for docker containers, web server configuration or other complications.
A brand new image gallery makes finding, browsing and sharing your images easier than ever before.
Photos shows you a timeline of your photos. In the left sidebar you can find your favorites and tagged photos. You can also find pictures in all the albums you have access to, including pictures people shared with you and external storage.
We should also mention Locations which uses the Maps app. This shows where pictures are taken on the world map!
Nextcloud Hub introduces a much refined interface rewrite of our popular Calendar app. This major release brings many user interface improvements as well as some basic feature enhancements like advanced recurrence, a busy-view for meeting planning and resource booking and more. Calendar 2.0 now has integrated Talk rooms, allowing users to add a chat and video call to a meeting.
Nextcloud Hub marks the introduction of Nextcloud Mail 1.0. This release introduces the ability to extract travel information from emails. Mails from airlines or train companies will be accompanied by an easy overview of your travel plans and the trip can be easily added to the Calendar.
The 1.0 release marks a large improvement for Mail, with full support for rich text mails, improved account handling, signatures and more. Version 1.1 is already scheduled for early February and will introduce improved caching and threaded mail view.
Talk 18 features a rewritten user interface with a focus on improving the chat experience of users. A few highlights:
To prevent accidental clicks, Talk will warn you during a call that navigating away from the page will end the call.
Besides the direct improvements to Talk it is worth noting the benefits from integration with Flow and the Calendar.
As always – this has been a big release, with many improvements! And it would not have been possible without the help of our amazing community. Thank you all!!!
All the awesome, fresh new features of Nextcloud Hub (Nextcloud 18) have been made available today and some of them come to your Android client as well!
The 3.10.0 version of the Nextcloud Android client is out, bringing new functionalities and more than 150 fixes & improvements to the users. If your phone hasn’t updated yet, get the updates on Google Play or F-Droid!
Note: This release will be available on F-Droid after up to 24 hours.
Find out more details and the full changelog here.
The latest Nextcloud server release introduces rich workspaces, which are also available on the Android client. This is a new feature that allows you to embed text above a folder view. You can describe what that folder is about, what kind of files it contains, the nature of the files in that folder or anything that is useful for the other users to know.
Note: This feature is available for servers that are running Nextcloud 18 (or newer).
This improvement makes it possible to click links even on a downloaded markdown file when you access it locally on your mobile, enabling full access to the content of your files!
Markdown files are an easy way of taking meeting notes with your colleagues, drafting a new proposal during a team call, writing down some quick ideas or thoughts etc. After structuring the text with basic formatting in a human readable way you usually have to get back to it, maybe on the go, edit it again on your mobile and have full access on the content of that file. Maybe you need to share it with other people that will access it on their mobile. Or you might even need to create a complete new text file quickly using your mobile client.
Syntax highlighting for markdown preview, in read mode only, became supported in the Nextcloud Android client 3.9.0.
With the new updates brought in this release you will be able to create new text files on your mobile and edit text on new or existing text files.
Collaboration on the go gets easier every time!
Note: These features are available for servers that are running Nextcloud 18 (or newer).
Nextcloud 3.10.0 for Android brings improved view of auto-upload items, based on your own preferences! When auto-uploaded folders and files are too many they can create a visual mess sometimes, depending on your auto upload settings. Now, it’s up to you to choose how you want them to be displayed!
You can choose whether to show or hide auto-upload folders:
The dark theme becomes available in the Nextcloud Android client 3.10.0!
Enabling the dark mode while using your devices enhances visual ergonomics and reduces eye strain. It adjusts the screen colours according to current light conditions, providing more comfort at night or in dark environments.
Of course many fixes, refinements and features are being made regularly and older versions of Nextcloud are not supported. If you run an outdated, unsupported Nextcloud, the Android app will warn you of the risks. Nextcloud 13 is the oldest release that will work with this version of our app and you will get a warning if you are still running Nextcloud 15 or older. We strongly recommend private users to upgrade their Nextcloud servers.
As companies sometimes have to use older versions, Nextcloud offers long term support. Contact our sales team for more information on this.
A big thanks goes to all the awesome members of our community that regularly help us make Nextcloud better, by translating Nextcloud to other languages or reporting and fixing issues!
Would you like to contribute to our Android app too? Check out all you need to know here.
We appreciate your feedback! If you’d like to share your comments with us, continue the discussion in our forums. What’s the best thing about the Nextcloud Android client so far?
We’re curious to know what you like the most about Nextcloud.
Nextcloud has a page on Capterra, a site used by business software buyers to find suitable solutions. Do you think they should consider Nextcloud? Do you want to make us happy with some nice words?
Share your opinion in a review during the holiday season and Capterra will give the first 100 qualifying reviewers a $10 gift card!
First, we’d be happy to read what you think of Nextcloud – a positive review makes our day!
On top of that, every user can share their thoughts with others by rating Nextcloud and writing a review about their experiences. This way, Nextcloud has descriptions from the user’s perspective on Capterra and other prospective users can make the right decision about their private cloud software, more easily, based on real user feedback.
Note: gift cards will be sent 1-2 weeks after the review has been published. To be published, each review must pass Capterra’s validation, quality, and non-duplication processes.
Of course, in case you’d like to rate Nextcloud after the offer has expired, you can do so on the following platforms:
We are looking forward to what you all have to say
Will you attend the 36th edition of CCC (Chaos Communication Congress) this year? It will take place in Leipzig again, this time under the motto ‘Resource Exhaustion’. We will be there and can’t wait to meet our amazing community!
We will have a boat this year again in the Open Infrastructure Orbit. Watch out for our big blue Nextcloud flag, and come say hi at our booth! Ask anything about Nextcloud, what’s coming next, how to get more involved, grab some cool stickers and tell us what you think about the project!
Event: CCC (Chaos Communication Congress)
Dates: December 27-30, 2019
Find more details about CCC here.
Do you know everything about Nextcloud? We bet there are 12 more things about what Nextcloud could do that you don’t know and Jos will be talking about these at the OIO Stage. Come and watch the talk!
A dozen more things you didn’t know Nextcloud could do – Jos Poortvliet
“Consider this a follow-up from my talk about 200 things Nextcloud can do last year! An update on what’s new and some cool new stuff. What, what is Nextcloud? Let’s see. A private cloud is one way to put it, though that’s a contradiction of course. It is a way to share your data, sync your files, communicate and collaborate with others – without giving your data to GAFAM! Keep it on your own server, or something close (like a local hosting provider or data center). Nextcloud is a PHP app that does all that, and more! Easy to use, secure (really) and fully open source of course.”
Date: Saturday, 28 December
Already learned about Nextcloud Flow, coming in our next release? You can find out how to write flows in the talk by arthur!
“Nextcloud Flow is the overhauled workflow engine in upcoming Nextcloud 18. This talk describes how it evolved, how it works internally, and especially how own components can be built, so you can set up automatized tasks in your Nextcloud.”
Date: Saturday, 28 December
Check out the full program here for more talks.
We know that there will be other Nextcloud related talks at 36C3 but we haven’t been able to track them down yet, if you know of one, let us know so we can add it here!
The team behind all the organization of this awesome gathering still needs financial help to make the event possible. Check here if you like CCC and you want to contribute!
The Nextcloud iOS app has been updated again with a number of nice improvements since our last announcement, as you might have noticed already. Nextcloud 2.24.3 for iOS is available in the App Store!
Other fixes and improvements made include:
Document scanning feature
The document scanning feature gives you quality options for the PDF created and images can be rotated.
Document scanning lets you choose quality settings for the export. Options are:
As an example, this resulted in a one page PDF size with gray scale filter:
Images can be rotated before they are exported as PDF.
For more tips, stay tuned till the next release and subscribe to our release announcements newsletter.
We appreciate your feedback! If you’d like to share your comments with us, continue the discussion in our forums. What’s the best thing about the iOS app so far?
It is that time again: updates for the stable series of Nextcloud are available now. As always, these include stability and security improvements that are designed to be a safe and quick upgrade. This is one of the last for Nextcloud 15, so start planning an upgrade to 16. And those excited about Nextcloud 18 can start testing beta 3 which is available now!
Running web facing software without regular updates is risky. Please stay up to date with Nextcloud releases of both the server and its apps, for the safety of your data! Customers can always count on our upgrade support if needed.
This second minor release brings a wide range of minor improvements that fix corner case bugs, updates translations or deals with small design flaws.
Nextcloud 16.0.7 and 15.0.14 benefited from similar fixes, though far fewer in number. You can find the full 17.0.2, 16.0.7 and 15.0.14 changelogs on our website.
Meanwhile, the 3rd beta of Nextcloud 18 brings a massive load of bugfixes and improvements, bringing us a lot closer to stability. We’ve got a lot of testers making a real difference and we want to say – keep it up! Grab the beta from the Get Involved section bottom right on the download page!
Minor Nextcloud releases are security and functionality bug fixes, not rewrites of major systems that risk user data! We also do extensive testing, both in our code base and by upgrading a series of real-world systems to the test versions. This ensures that upgrades to minor releases are painless and reliable. As the updates not only fix feature issues but also security problems, it is a bad idea to not upgrade!
This is, of course, also true for apps: Keeping them updated has security benefits, besides the new features and other bug fixes.
If you are maintaining a mission-critical Nextcloud system for your enterprise, it is highly recommended that you get yourself some insurance (and job security… who gets blamed if the file handling system isn’t working as expected?). A hotline to the core Nextcloud developers is the best guarantee for reliable service for your users, and the job safety of you as system administrator.
As we want to offer business representatives an opportunity to meet our experts and learn more about Nextcloud, we’re planning to be present at many enterprise events. Meet us at Univention Summit 2020 in January!
Event: Univention Summit 2020
Dates: January 23-24
Location: Bremen, Germany
Venue: Congress Centrum Bremen – Hollerallee 99 | 28215 Bremen
More information about the event here.
The Univention Summit will be a busy event for Nextcloud, providing one more opportunity to meet our team members. Come visit our booth and discuss our roadmap, latest improvements and development!
We will have a round table about digital sovereignty and our managing director will present a talk which answers many questions!
“It is 2020 and a change is in the air. Nextcloud today is the culmination of a decade of work, with a vision that has persisted and expanded, bringing digital sovereignty to individuals, businesses and governments. On-premises content collaboration is heading for the next level and Nextcloud is leading the way! Find out where we are going today.”
For more information on the talks keep an eye on the agenda.
As the new year quickly approaches, cyber criminals are once again preparing to attack individuals and especially businesses. Their attacks will be more sophisticated and even better at extracting money from you. We make three easy predictions for the next year and urge you to be prepared:
1. Ransomware authors will innovate, too.
We are all in awe of the possibilities new technologies like machine learning, big data, the growing number of CPU cores and GPU acceleration bring. So are malicious hackers – expect them to pick up on these technologies. A major way will probably be through improving phishing techniques, improving targeted emails through artificial intelligence (AI) for example. That will allow them to avoid getting caught in spam filters and improve hit rates on victims. And faster encryption on modern multi-core CPU and GPU systems will make it even harder to detect and stop ransomware before it is too late.
2. Targeting will improve
Focusing on business targets has resulted in a massive increase in income from ransomware over the last years and there is no way this trend will reverse. Sadly, there are still countless businesses out there that have not taken many precautions and there is a lot of money to be made. Insurance companies are actually playing a key role here, as they pressure businesses to follow best practices to avoid having to pay out. But keep in mind that an insurance does not fully cover the massive costs of a ransomware attack in terms of lost time and data. They might pay off the attackers but do you really think any insurance covers the lost revenue due to your sales people being unable to work or the time lost fixing the computers of your employees?
3. Unknown exploits become more used
The increasing revenue from ransomware means its authors are more motivated and financially capable to acquire valuable, zero-day exploits. Theft of government-created exploits in the past has already shown one way this can affect even perfectly up-to-date systems and the rising value of exploits on the open market will result in more attacks like that.
All this means prevention will only go so far: recovery will become more and more important. That is, backups, and of course easy, powerful tools like Nextcloud’s unique Ransomware Recovery mechanism which can automatically recover all ransomware-encrypted files after an attack.
Like past years, in February 2020 we will be present at Fosdem and again we will host a booth, along with our friends from DAVDroid and ONLYOFFICE this time! Even our friends from Bareos and Rocket.chat might join, seems fun
People from our team will be there and we hope to have a large presence of our community too!
Come and find us at our booth, ask what’s awesome about Nextcloud and what’s coming next! Collect some Nextcloud or “who owns your data” stickers, cool swag and find out more about our future events, latest news and open source friends!
Location: ULB Solbosch Campus in Brussels, Belgium
Dates: February 1-2
Find more information about the event here.
The previous years we had teams of over a dozen enthusiastic volunteers to present our project to the thousands of visitors and this year, we hope to have an even bigger and cooler presence. We’re always very happy to have a large team of volunteers there, which allows us to be literally everywhere at the event! Would you like to help us? Find out more here.
Usually stands are located in three buildings on the campus: the upper and lower corridors of the K building, the lower floor of H and the corridors of AW. The list of stands with their location will be available on the FOSDEM website. We will update you with the exact location once we know it and we will list here all the talks from our community as soon as we’ll know more about those!
If you’ll present a talk related to Nextcloud, shoot us an email to email@example.com with the details (title, short description) and we’ll add it to this post
Happy FOSDEM everyone!
Starting from today Android client 3.9.2 is available in the app store! Yesterday we released the 3.9.1 version of our Android app, a minor release bringing small fixes, lots of improvements in translations and other refinements.
Note that we released 3.9.2 today as a result of a bug that caused a login loop in cases when app protection was enabled. The bug is now fixed! If you haven’t enabled automatic updates in your mobile, please update your app to 3.9.2.
Improved image viewer
On certain devices, the app crashed when you opened a png image and then clicked on it to replace the transparent background with the chessboard-style pattern. The issue is now fixed by using a png instead of a vector drawable for the bitmap, so the app no longer crashes.
Note: This release will be available on F-Droid after up to 24 hours.
In case you missed it, we released Android client 3.9.0 with some awesome new features last month. Read about the remote wipe integration, new media player and many more!
Make your life easier with some Nextcloud Android app features you might not have noticed yet.
Markdown files are an easy way of taking meeting notes with your colleagues, writing down some quick ideas or thoughts, drafting a new proposal during a team call etc. After structuring the text with basic formatting in a human readable way you usually have to get back to it, maybe on the go, or you share it with other people who access from their mobile phones.
Syntax highlighting for markdown preview, in read mode only, is now supported in your Nextcloud app for Android. Markdown files are human readable and well structured even when you access them on the go!
DAVx⁵ has released its 2.6 version, which is compatible with Android 10 and implements the Nextcloud Login flow. You can even set up DAVx⁵ from your Nextcloud app with 2FA. Note that this is supported by Nextcloud Android app 3.9.0 or newer.
Check the video here for a step by step demonstration.
Of course many fixes, refinements and features are being made regularly and older versions of Nextcloud are not supported. The Android app warns you of the risks of running an outdated version. Nextcloud 12 is the oldest release that will work with this version of our app. We strongly recommend private users to upgrade their Nextcloud servers.
As companies sometimes have to use older versions, Nextcloud offers long term support. Contact our sales team for more information on this.
We appreciate your feedback! If you’d like to share your comments with us, continue the discussion in our forums. What’s the best thing about the Android app so far?
A big thanks goes to all the awesome members of our community that regularly help us make Nextcloud better, by translating or reporting and fixing issues!
Would you like to contribute to our Android app too? Check out all you need to know here.
An Enterprise File Sync and Share (EFSS) is a piece of software that gives users access to documents, photos and videos on any of their devices. It also allows them to easily share these documents with others. In this blog we highlight some typical features of EFSS and what to look for in a solution.
According to TechTarget, the most common reason for deploying an EFSS is to prevent users from using consumer-based file sharing apps to store, access and manage corporate data outside the IT departments’ control and visibility.
EFSS applications generally offer the following abilities:
Most EFSS solutions are cloud based. There are some hybrid or on-premises alternatives.
What differentiates EFSS solutions? The most important factors enterprises look for are these:
EFSS software is entrusted with highly valued and sensitive data. The loss of company secrets due to theft, the risk of leakage of private customer data or the productivity hit of a ransomware attack is huge and thus EFSS vendors offer a range of cutting-edge security capabilities. Look for these when picking a secure solution:
You can compare the most popular cloud-based EFSS, Microsoft OneDrive, with the most popular on-premises solution, Nextcloud.
Compare OneDrive and Nextcloud
Imagine you need to share very sensitive data with somebody. Say it is the result of a medical test, or important financial data. You want to make sure nobody other than the intended recipient can gain access to this data.
You could send a link with the files, protected with a password. Sending the password separately means a third party trying to intercept the communication will have a hard time catching both the link and the password. However, often both still arrive on the same mobile phone. Moreover, it is not that uncommon that more than one person has access to that device: a spouse, or kid, for example.
Video Verification is a very powerful and innovative way to verify the identity of the person you share with before you hand them over the password for the share. Rather than emailing or sending the password over chat, the recipient of the share has to use a video call to request the password from you. This eliminates the risk that a spouse, kid or hacker who has access to their email or mobile device has a chance to see the data.
That call can come in through the mobile apps for Talk, making it easy for the sender to pick up.
To enable the additional protection afforded by Video Verification, create a shared link and set a password. Then, when you go to the share menu again, you can enable the ‘Password protect by Talk’ option which enables video verification. Note that this feature requires your server to have Talk installed!
The recipient of the share needs a webcam and microphone so the sender can see and hear who is requesting access to the data. There is a great tutorial on TechRepublic about using video verification!
The video below shows in full how Video Verification works.
As in past years, this December we will be present at the Paris Open Source Summit, offering business representatives an opportunity to meet our experts and learn more about Nextcloud.
At this major enterprise open source gathering, our team members will give three talks and we will have a shared booth with our partner Arawa.
Event: Paris Open Source Summit
Dates: December 10 – 11
Location: Paris, France
Venue: LES DOCKS DE PARIS – 50, av. du Président Wilson 93200 La Plaine St-Denis. Les Docks de Paris are 100 meters from Porte de la Chapelle, on the Paris / Stade de France axis.
More practical information here.
We will be there with both French and English speakers. Come visit our booth (C08) and discuss our roadmap, latest improvements and development! You can come by any time, but if you want to discuss a specific point or want an appointment with us, you may want to send an email to firstname.lastname@example.org
Two of our team members will give talks at Paris Open Source Summit. Check the full schedule here.
Venez découvrir pourquoi Nextcloud est de plus en plus installé en France
Olivier Paroz – Tuesday, December 10, 14:35 – 15:00
Discover why Nextcloud is increasingly installed in France
The demand for online collaboration and communication tools is growing rapidly. Nextcloud offers a real alternative to the solutions of American giants while remaining 100% Open Source and allowing organizations that use it to keep control over their data. It is for these reasons that Nextcloud is increasingly used in France, whether in Ministries, universities or companies.
“I will present to you the progress made over the past 12 months, as well as some concrete cases.”
Le Spleen du mainteneur: ne négligeons pas la sécurité organisationnelle dans l’open source !
Nina Cercy – Wednesday, December 11, 14:45 – 15:30
The Spleen of the maintainer: let’s not neglect organizational security in open source!
November 26, 2018: the security team of event-stream, an npm package, is contacted about an infected package that allows its author to steal Bitcoins. Oh no, there’s no event-stream security team. We therefore contact the person responsible for the package directly. Well, it turns out she’s no longer holding the package. Come on, let’s wake up the CISO of the compan… Neither? Are we turning against the company that audited such a widely distributed package? Audiwhat? There was no illegitimate elevation of privileges. No spoofing. No vulnerability in the GitHub code, neither on the app side nor on the npm side itself. Just a smart attacker who asked to maintain an npm package and quietly injected his malicious code once he was the official maintainer. In open source, the trust chain is essential to ensure development security, and organizational security is sometimes overlooked: let’s look at the good practices to be put in place.
Open source et RGPD : quel partage de responsabilités ?
Nina Cercy – Wednesday, December 11, 16:00 – 16:30
Open source and GDPR: which division of responsibilities?
While the case of SaaS vendors has been quite well defined, the regulation around the responsibilities of open source vendors towards the GDPR remains unclear: who is responsible in case of a security breach? What is the status of the publisher? What about support? A brief overview of the thousand complex situations that can arise when developing in open source.
In the first week of November, we concluded another successful hackweek! We worked on improvements for Nextcloud 17, focused on Nextcloud 18 and of course spent time together.
Now is the time to set a date and work all together again! All Nextcloud contributors are invited to join us on January 13-18, 2020 in Berlin. We will still be hacking on Saturday, January 18, so if you can’t join us during the weekdays, join us on Saturday!
Location: Nextcloud GmbH office in Berlin, Germany
Address: Tempelhofer Ufer 23-24, Berlin.
Bring: Your laptop and enthusiasm
How to get in: Once you’re there, ring the bell and find us on the fourth floor
As usual, there are topics we want to focus on during this week. Nextcloud 18 is on its way, and we’ll also plan and work on Nextcloud 19. We hope to help people get involved and look at the state of our apps, preparing for the upcoming release.
If you have known Nextcloud for a while, you may have heard about these focused work weeks back when we called them “Hackweek”. Contributor weeks or hackweeks are weeks when we get together to discuss and work to move Nextcloud forward.
We focus on getting work done and being productive: going through issues, discussing and fixing them, working on our code and so on. Just more together, rather than remote as we typically do! It’s a nextclouders gathering with lots of working and fun!
On October 30th, 2018, we released our own program to support diversity in Open Source: Nextcloud Include. With this program, we provide mentoring and internships to people from underrepresented groups in the tech community, and – even more relevant to the topic of this post – we help you to join us at events like our yearly Conference or our Contributor Week! Want to join us in Berlin? Check nextcloud.com/include and get in touch with us to request travel support!
Of course, this also goes for those who aren’t part of underrepresented groups: as usual, all Nextcloud contributors are warmly welcome to join us! If financial issues limit your travel possibilities, you can email us here, sending some links to your contributions.
In any case, don’t forget to bring your laptop and help us get some work done!
We look forward to seeing y’all in Berlin!
During this week, the LIBE committee of the European Commission will read a draft report on e-evidence. This report includes a proposal for cross-border access to data for law enforcement which would allow foreign law enforcement agencies from across the EU to force companies to hand over customer data without a check by local authorities.
While further and deeper integration of EU law enforcement is not a bad thing, this proposal puts the onus of verifying the legality of the request on the recipient. While large companies like Google certainly have no problem with this, a small local hosting provider which manages Nextcloud for its customers would not be able to even properly authenticate the foreign authorities, let alone object to illegitimate orders!
This would obviously be bad for the many thousands of independent hosting providers in Europe as well as the privacy and security of their customers, providing a huge benefit to the established internet molochs Google, Amazon, Microsoft and others.
Together with Mailfence, Tutanota, ProtonMail and Matomo, Nextcloud has signed a public letter to the LIBE committee. We’d like to not only thank our co-signatories, but also do a call-out to privacy-tech.eu who brought this issue to the forefront.
A few recommendations are made in our letter. First, we’d like to see a number of improvements which were already in the draft to be picked up:
We ask for a few further improvements:
We hope the EU Commission will take our feedback seriously and we urge everyone to spread this message and voice support for the EU privacy tech business!
As you might have read in various news outlets, an attacker has been trying to use a known and reported NGINX/PHP-FPM bug (CVE-2019-11043) to break into servers. After breaking into the server and gaining control, the attacker used a compiled Python script that encrypts data in the Nextcloud data folder and unsuccessfully tried to get ransom paid for decrypting it. The servers that were broken into were two private servers. As most Nextcloud users don’t use NGINX and those who did have largely updated following our warnings 3 weeks ago, only these 2 servers out of 300.000 are known to be compromised and no ransom payments to the bitcoin address have been made.
As the attacker gained full control over the server through a bug outside the control of Nextcloud, we could not do anything other than warn our users to update and secure their servers. For this we reached out through social media, mailing lists and our blog and also used our administrator notification feature to reach out to all server administrators (who did not disable this feature).
We repeat our official statement to the press below.
We are confident that the attack vector was the nginx+php-fpm security issue that hit the web some time ago.
While it was not an issue in Nextcloud itself, we informed our users through all channels we had available, including a direct notification to all administrators of Nextcloud servers. This likely explains why so few servers were impacted out of the hundreds of thousands of Nextcloud servers on the web.
We consider it a lesson that shows the value of taking security seriously. We urge other PHP-based projects to also issue warnings to their users about this issue, as this vulnerability persists for some.
Some background on the issue:
PHP bug report: https://bugs.php.net/bug.php?id=78599
Our blog: https://nextcloud.com/blog/urgent-security-issue-in-nginx-php-fpm/
So the “task” of the hacker was:
- read our blog
- find Nextcloud servers
- try to execute the exploit of php_fpm+nginx
The attacker bothered to write a Python script to explicitly target Nextcloud servers. We hope the lack of results will act as a deterrent against doing this in the future.
Given we have a USD 10K security bug bounty program, we’d expect most hackers that find an issue in Nextcloud serious enough to do this to report it to us.
Until now, nobody has found such a serious vulnerability, but if you think you know one, please report it and collect your bounty! We are the only on-premises file sync and collaboration solution with such a big bounty, showing how seriously we take security.
BleepingComputer, which first reported this issue, noted about the bitcoin wallet the attacker used:
no transactions have been recorded until now
While we are of course sorry for the two users whose servers were hit, we are also glad that this incident shows that our prompt (and, according to some, over-the-top) response to the security issue in NGINX and PHP-FPM was effective in helping protect our users from the risk.