Nextcloud AMA!!
-
@Frank-Karlitschek said in Nextcloud AMA!!:
@Dashrender Not sure what you mean? A way to safe into Nextcloud directly from the Office Safe Dialog? This is of course possible. Just safe in a specific folder that is then synced to the server with the Desktop Client. Is this what you mean?
While what you explained is possible, that sync client puts all the files at risk of a cryptoware attack.
What I am specifically looking for/asking about is an API that plugs-in to MS Office to save directly to the server without the sync client, like MS Office has for Sharepoint. Access through an API like this significantly reduces the ability of cryptoware to affect the files through this avenue.
-
With almost all software I am a heavy propoent of the repo based model because it drastically simplifies things for the administration side of the house.
I know I can log into every single system and
yum update
orapt-get update
and be done.I can also be very confident that it will always just work.
With NextCloud, you have decided against doing a repository based model and have an auto updater.
Why is this being done this way? What possibly administration benefit do I gain from it?
-
@FATeknollogee On Nextcloud.com you can download fully configured VMs. Should be easy to run.
-
@LukasReschke said in Nextcloud AMA!!:
Have you heard of SQRL authentication and have you investigated including it?
I happen to have heard about it but we didn't look into that. In terms of authentication, at the moment we're working on actively improving our SSO plugin which now also supports Kerberos for example.
As Nextcloud is quite modular adding another authentication module via API should be quite easy. If you're interested in adding support SQRL authentication and have some PHP knowledge, I'd recommend to join us on help.nextcloud.com in the developers forum or on IRC #nextcloud-dev in Freenode.
I'm not a coder at all, so I would be of little to no help here
The principals behind SQRL pretty much get us away from usernames and passwords on websites, and also mostly gets rid of the reasons for 2FA (though there is still an argument for 2FA)
-
This post is deleted! -
@Dashrender Another way of doing this is to use WebDAV as a mount and directly safe there.
-
@Frank-Karlitschek said in Nextcloud AMA!!:
@RojoLoco As a server OS? We tried to do this in the past but PHP on Windows is just not very good. So the recommended way is to run a Linux VM on the Windows Server. This works fine.
And no licensing issues.
-
@Dashrender said in Nextcloud AMA!!:
Can you expand upon what you mean by this?
Sure. You might remember the epic 'dick pics' episode from John Oliver & Edward Snowden: https://www.youtube.com/watch?v=XEVlyP4_11M
This was quite awesome but at the same time - there really is an issue here. And most people have no idea. A lot of people clearly are storing their data at Google, Dropbox etcetera. Now that would be fine as long as that is data that can't be abused but that is often not the case. The terms of service of these companies doesn't protect you or your data and they are massive targets for hackers. Yes, they have good security people but nothing is ever perfectly secure and it is sooooo attractive to hack them...
And businesses are not too different - lots of them, even schools and universities and hospitals, store data on public clouds or at providers outside their country. And that can be abused in a whole bunch of ways, from government spying to corporate espionage to extortion of companies and individuals.
THAT scares me. Just look at the DNC scandal influencing politics in the USA. If you put your data at a public cloud, you're painting a massive target on it. If you have your own IT team taking care of it, as political organization, you can (emphasis on CAN, of course) do a much better job keeping it safe. And that can steer elections, politics, economics, everything.
That was the main motivation for Frank, back in the day, to announce a project to solve this and we at Nextcloud share this goal.
-
@FATeknollogee said in Nextcloud AMA!!:
There does not seem like an easy way for a Windows user to setup & use Nextcloud.
Can you comment on this?Sure there is, the Western Digital appliance.
-
@JaredBusch said in Nextcloud AMA!!:
With NextCloud, you have decided against doing a repository based model and have an auto updater.
Why is this being done this way? What possibly administration benefit do I gain from it?Technically we're not against repositories at all. They are a nice feature, but with all the distributions out there this leads to a lot of additional work and testing. At the moment we feel we can focus our resources better on other stuff. But all help is obviously appreciated!
Note that we also ship a simple PHAR file that allows scriptable updates. So you can execute a simple "php updater/updater.phar" to replace the source code and also run the migration scripts. I think that's also a nice way for sysadmins to automate updates and deployments.
-
@Frank-Karlitschek said in Nextcloud AMA!!:
@Dashrender Another way of doing this is to use WebDAV as a mount and directly safe there.
Do you have a link to setup instructions on that?
-
@Dashrender said in Nextcloud AMA!!:
@Frank-Karlitschek said in Nextcloud AMA!!:
@Dashrender Not sure what you mean? A way to safe into Nextcloud directly from the Office Safe Dialog? This is of course possible. Just safe in a specific folder that is then synced to the server with the Desktop Client. Is this what you mean?
While what you explained is possible, that sync client puts all the files at risk of a cryptoware attack.
What I am specifically looking for/asking about is an API that plugs-in to MS Office to save directly to the server without the sync client, like MS Office has for Sharepoint. Access through an API like this significantly reduces the ability of cryptoware to affect the files through this avenue.
Tossing crypto into this discussion is a waste of thinking power. any and all sync clients have this particular issue. period. it is not a function of NextCloud or any other service to mitigate.
A better question to ask would be, "If there a way to create a plugin for MS Office to let users save directly to NextCloud similar to how they can save directly to OneDrive without using the sync client at all?"
-
@JaredBusch does MS Office not support WebDAV? If it does, this API exists already
-
What new and exciting integrations do you guys see going into the future?
The email clients are a nice touch! I haven't had a chance to set up the Spreed or Collabora integrations yet.
-
@Frank-Karlitschek said in Nextcloud AMA!!:
@IRJ Yes. There are always big and cool new features coming. Actually the Nextcloud community is more active then ever. But it's not clear yet which features make it into the next major version. So we have to wait until the first beta is done.
No teasers?
-
@dafyre Sure. The Spreed is improving fast. Will be a lot better in the next release. We also want to promote the email and chat integration more. And we plan to integrate all this communication channels more into each other in the future.
-
@Dashrender said in Nextcloud AMA!!:
@FATeknollogee said in Nextcloud AMA!!:
There does not seem like an easy way for a Windows user to setup & use Nextcloud.
Can you comment on this?Sure there is, the Western Digital appliance.
I prefer my own hardware!!
-
@jospoortvliet said in Nextcloud AMA!!:
@Dashrender said in Nextcloud AMA!!:
Can you expand upon what you mean by this?
Sure. You might remember the epic 'dick pics' episode from John Oliver & Edward Snowden:
This was quite awesome but at the same time - there really is an issue here. And most people have no idea. A lot of people clearly are storing their data at Google, Dropbox etcetera. Now that would be fine as long as that is data that can't be abused but that is often not the case. The terms of service of these companies doesn't protect you or your data and they are massive targets for hackers. Yes, they have good security people but nothing is ever perfectly secure and it is sooooo attractive to hack them...
And businesses are not too different - lots of them, even schools and universities and hospitals, store data on public clouds or at providers outside their country. And that can be abused in a whole bunch of ways, from government spying to corporate espionage to extortion of companies and individuals.
THAT scares me. Just look at the DNC scandal influencing politics in the USA. If you put your data at a public cloud, you're painting a massive target on it. If you have your own IT team taking care of it, as political organization, you can (emphasis on CAN, of course) do a much better job keeping it safe. And that can steer elections, politics, economics, everything.
That was the main motivation for Frank, back in the day, to announce a project to solve this and we at Nextcloud share this goal.
Sure, but as our own @scottalanmiller likes to point out, those guys often have many times the security personal and need to keep things secure compared to other businesses, especially SMB (which is the bulk of this community). I'd argue that SMBs can't keep themselves more secure than Google can. Also as Scott has pointed out, even if there is a breach at Google, what are the chances they will get your data versus someone else's considering the shear volume of data they house?
-
@Dashrender said in Nextcloud AMA!!:
Do you have a link to setup instructions on that?
this should be helpful: https://docs.nextcloud.com/server/11.0/user_manual/files/access_webdav.html
feedback and patches to our documentation are always welcome, it is super easy to contribute: it is all in github! See https://github.com/nextcloud/documentation
-
Are noticeably slower speeds typical for external storage browsing on NextCloud?