
Owncloud has been forked into Nextcloud - jwildeboer
https://nextcloud.com/about/
======
alexggordon
Let me tell you an anecdote about Owncloud. Once upon a time, I hosted an
Owncloud instance for my family. I had a raid 5 system setup on an old Xserve
with around 10 TB of usable space. I was really into learning about encryption
at the time, so I figured it would be cool to encrypt all my families files on
the server. I made sure that all my family members were properly educated
about not forgetting their password, and then enabled the Encryption App[0] by
following a tutorial. Everything went smoothly for about 6 months until I was
updating Owncloud with a minor version upgrade, and then BAM; nobody (myself
included) could decrypt any data on the server.

I posted around about it, trying to figure it, ripped apart the source code to
the point where I found that manually decrypting the data was resulting in
gibberish. All my backups were the encrypted data, so those didn't really help
either.

I still don't know what happened to this day, but I've been eternally wary of
personal fileservers ever since.

[0] [https://owncloud.org/blog/how-owncloud-uses-encryption-to-
pr...](https://owncloud.org/blog/how-owncloud-uses-encryption-to-protect-your-
data/)

~~~
mseebach
I don't mean to belittle the severity of the bug you encountered -- but the
root-cause of your problem was a lack of a backup. A large number of issues,
some of them software bugs, many of them not, could lead to data loss.

It that vein, too, your RAID-5 system is/was a disaster waiting to happen,
especially when you don't have a backup:
[http://www.zdnet.com/article/raidfail-dont-use-raid-5-on-
sma...](http://www.zdnet.com/article/raidfail-dont-use-raid-5-on-small-
arrays/)

~~~
alexggordon
Do you back up the unencrypted data though? Regardless of the viability of the
raid 5 system, the raid 5 wasn't what failed. It was the encryption.

It wouldn't have even been possible to backup the encrypted data without
getting all my family members passwords too.

~~~
gherkin0
>>> Everything went smoothly for about 6 months until I was updating Owncloud
with a minor version upgrade, and then BAM; nobody (myself included) could
decrypt any data on the server.

> Do you back up the unencrypted data though? Regardless of the viability of
> the raid 5 system, the raid 5 wasn't what failed. It was the encryption.

> It wouldn't have even been possible to backup the encrypted data without
> getting all my family members passwords too.

You could have backed up the encrypted data (+owncloud metadata) in its
encrypted form. Then, when you ran into the bug that corrupted the main copy
of the encrypted data, you could have restored the old backup of the encrypted
data and reverted to the last working version of Owncloud to access your data.

------
IgorPartola
I like how OwnCloud was characterized on Bad Voltage (paraphrasing here):
"It's as if someone a few years ago wrote down their definition of cloud and
sent it back in time to 1996. Then a bunch of PHP developers in 1996
implemented it knowing nothing about what they were doing and then sent the
code back to present day."

That's not to say I don't appreciate the fact that ownCloud exists, but I find
it much harder to use, and the fact that it's written in PHP makes me not want
to dig into it to fix.

~~~
creeble
Indeed I've been waiting for something like Owncloud for Django or Flask or
something Pythonesque for a while.

I'd join in if there were a better Pythonista to start it than myself.

~~~
mnutt
I actually wish that Owncloud would focus on file syncing and not on apps.
Their app API feels like the wrong level of abstraction, more like you're
building wordpress plugins than actual apps. I appreciate that it makes it
easy for devs to get started, but can result in some terrible security holes
and messy APIs. Something like Sandstorm is a much better way to separate apps
and content and prevent security issues.

Owncloud's syncing clients for mac/win/linux are descended from mirall and are
pretty good. I used Owncloud server for a while then built myself a
lightweight replacement in node that uses the same sync API. (webdav)

~~~
IgorPartola
I have been hearing good things about SyncThing, though it lacks an iOS
client.

------
medlazik
> _You should have full control over your data. We help you achieve that: a
> safe home for all your data. Secure, under your control and developed in an
> open, transparent and trustworthy way. We are Nextcloud._

Why are we not in full control over our data with ownCloud anymore? What
_really_ changed that made the founder and top contributors leave ownCloud?

~~~
teekert
That is on everyone's mind, my guess would be that somehow some party within
ownCloud was pushing for a bigger separation of features between the FOSS core
and the enterprise product. This goes against the founders ideals and they
left. Similar to OpenOffice vs LibreOffice, in fact I was personally expecting
this to happen and was betting on the name LibreCloud ;)

~~~
devnonymous
That would be my guess too. There was an oblique reference to this a while
back in the blog post by ownCloud's founder when he announced his departure :
[http://karlitschek.de/2016/04/big-changes-i-am-leaving-
owncl...](http://karlitschek.de/2016/04/big-changes-i-am-leaving-owncloud-inc-
today/)

------
stp-ip
9 of the top 10 contributors in addition to the project founder and the lead
security engineer are pushing this effort. Good foundation to fork and support
users.

Let's hope this brings the transparency, openness and community awareness
owncloud/nextcloud always needed.

~~~
mhurron
Why would they when they were (apparently) 90% of OwnCloud in the first place.
What stopped them being open in the first place?

~~~
stp-ip
They were 90% of the top contributors. The company had a lot more sales
people. The devs don't control decisions of the company. Only the code and
that's why I assume there was this fork.

~~~
mhurron
Presumably they did control the company when they started. I don't know of a
time when this complaint wasn't leveled against OwnCloud.

~~~
stp-ip
Control can be taken and views/visions can be different. That's the great
thing about open source. The community or even other participants can fork and
continue their own vision. Projects shouldn't make a habit out of it so.

------
distances
It would be interesting to hear a bit more background for this forking. What
does Nextcloud try to achieve that was not possible within the ownCloud
project? Was this a clash of personalities as one of the ownCloud founders is
among those jumping the ship?

~~~
unlinker
[http://blog.jospoortvliet.com/2016/06/nextcloud-is-
replacing...](http://blog.jospoortvliet.com/2016/06/nextcloud-is-replacing-
owncloud.html)

>'why' is the question everybody has and I hope you understand I don't want to
talk too much about that

Grow up, maybe, Jos?

This sounds to me like the usual and continuous splits inside OSS communities,
but Jesus, I do miss the days when you had a detailed explanation as soon as
somebody leaked the IRC logs!

~~~
LionessLover
You don't talk negative about other people, especially if you worked with them
for a long time, and especially when it's not a matter of "they hid bodies of
people they killed" but mere differences in opinion about how to do business.
So no, this dirty laundry should _not_ be aired in public.

~~~
RubyPinch
On the other hand, that specific thing is the entire reason for the fork
existing, its drive and motivation.

It could be anything. "We feel own-cloud isn't libre enough", "We don't feel
this direction is profitable", "We feel owncloud was too open", "I personally
disliked one of the people there any wanted to sink the ship", etc etc (note:
I am being a bit tongue in cheek here)

If its a reason I agree with, then migration makes sense, if its a reason I
don't agree with, then obviously migration might not be a good idea. But no
one knows what the driving motivation of nextcloud is! So its a bit more
worry-causing then reassuring

------
toggle
I used OwnCloud for a while and never had any problems with it, but it seemed
like overkill for my use. I didn't have multiple users and I wasn't using it
to share files with anyone -- just syncing files between my own devices.

I started using Sandstorm[0] for my personal server, and there's an app for it
called Davros[1], which implements the OwnCloud protocol. It doesn't really do
a good job of advertising that fact (not even mentioned in its description),
but you can use the OwnCloud clients with Davros. It's been satisfying my
file-syncing needs with no problems. Just be aware that it lacks versioning.

I'm excited to see what's coming for NextCloud, though.

[0] [https://sandstorm.io](https://sandstorm.io) [1]
[https://apps.sandstorm.io/app/8aspz4sfjnp8u89000mh2v1xrdyx97...](https://apps.sandstorm.io/app/8aspz4sfjnp8u89000mh2v1xrdyx97ytn8hq71mdzv4p4d8n0n3h)

~~~
tinix
It's not an "owncloud protocol"... It's called WebDAV and it's a web
standard[0], like HTTP.

[0][https://tools.ietf.org/html/rfc4918](https://tools.ietf.org/html/rfc4918)

There are literally 100s and 100s of these tools... Nothing is special about
OwnCloud, or Sandstorm, in this case, to support interoperability.

It's pretty obvious, IMO, that it supports WebDAV since "dav" is right there
in the name.

~~~
kentonv
To be fair, in order to work with the ownCloud client, Davros had to implement
a few ownCloud-specific extensions. But basically, yes, it's WebDAV.

------
educar
I feel sad for ownCloud and Nextcloud. ownCloud has a brand and this fork
dilutes it. It will be on everyone's mind especially since the founder has
left to create a competitor. For Nextcloud, unless they can explicitly state
why this fork exists, it's hard to side with them. What kind of ideological
differences are we talking about? Sure, you don't need to throw around
personal accusations or finger point but it would help to know what motivated
this.

On a related note, this is a risk which many platform companies take. If you
opensource your project completely, then anyone can fork it and take it ahead
if the forker is a big or well known person. I think we got really lucky with
iojs and node.

~~~
jancborchardt
It’s not a »risk which was taken«. ownCloud started out as a pure open source
project and the company was formed later.

Having it under a free software license / open source is exactly so that the
community can step in when there is a problem with the company.

Disclaimer: I am one of the people who left ownCloud for Nextcloud. Also one
of the first contributors to the project when it was still very young, and the
company didn’t exist yet.

~~~
educar
Yes, the risk was taken when the company was formed. I didn't mean that it was
taken after the company was formed.

I am a long time ownCloud use. iirc, it was even announced on planetkde first.

------
jwildeboer
Boom. #Owncloud shutters after #Nextcloud announces itself. VC panic galore?
Open wins! [https://owncloud.com/owncloud-statement-concerning-
formation...](https://owncloud.com/owncloud-statement-concerning-formation-
nextcloud-frank-karlitschek/)

------
hn234234
Having contributed a tiny bit to ownCloud, I enjoyed working with the people
that now left to start Nextcloud. I think they were the more technical minded
people on the team at ownCloud, compared to the sales persons of which there
seem to be an awful lot.

Good luck!

~~~
jancborchardt
Thank you, very cool to hear! :)

You are of course very welcome to contribute again – just check
[https://github.com/nextcloud](https://github.com/nextcloud) or join us in IRC
#nextcloud or #nextcloud-dev (freenode).

------
Renner1
A year ago I reviewed most of the popular "Self-hosted 'Cloud'" packages and
found they all had pretty ugly history (security vulnerabilities in
particular) and the technologies used didn't inspire confidence in the
developers (when data security and integrity are on the table, PHP developers
wouldn't be my first choice, nor any choice).

Are there any decent tools out there today or is it still the same situation?

~~~
LukasReschke
Good questions! Note, that I'm affilated with Nextcloud so obviously a bit
biased.

Only because a project is very transparent about security vulnerabilities does
not necessarily mean it's inherently insecure. In fact, at ownCloud we found
all critical vulnerabilities ourself and also run a successful bug bounty
program. (for Nextcloud we are also considering one)

Check
[https://news.ycombinator.com/item?id=11821854](https://news.ycombinator.com/item?id=11821854)
for more insights.

------
phreeza
I have been using Seafile for 2 years now and I'm very happy with it.

~~~
embik
While Seafile seems to work, the developers have been kinda sloppy both with
licensing[1] and security[2]. The answers on both issues really make me
question their integrity and ability to deliver a secure piece of software.

[1]
[https://github.com/haiwen/seafile/issues/666](https://github.com/haiwen/seafile/issues/666)

[2]
[https://github.com/haiwen/seafile/issues/350](https://github.com/haiwen/seafile/issues/350)

~~~
gstuartj
OwnCloud actually has security issues similar to what you cited in the second
link. Their security track record isn't spectacular either.

[https://blog.hboeck.de/archives/880-Pwncloud-bad-crypto-
in-t...](https://blog.hboeck.de/archives/880-Pwncloud-bad-crypto-in-the-
Owncloud-encryption-module.html)

~~~
LukasReschke
I'd like to point you to [https://statuscode.ch/2015/09/ownCloud-security-
development-...](https://statuscode.ch/2015/09/ownCloud-security-development-
over-the-years/) and make you aware of
[https://seacloud.cc/group/3/wiki/security-
records.md](https://seacloud.cc/group/3/wiki/security-records.md) and you
should probably consider who reported the last critical vulnerability.

Only because a project is serious about actually publishing vulnerability data
does not make it necessarily more insecure (or secure).

~~~
gstuartj
I agree. Just pointing out that the specific problem the above poster
mentioned as a reason to choose OwnCloud also is similarly true of OwnCloud.

[https://blog.hboeck.de/archives/880-Pwncloud-bad-crypto-
in-t...](https://blog.hboeck.de/archives/880-Pwncloud-bad-crypto-in-the-
Owncloud-encryption-module.html)

~~~
LukasReschke
The impact is a different one though. In that scenario pointed by Hanno
somebody needs to have access to the storage which already requires some kind
of previous gained access. What could be done by an attacker then is to infect
EXE files or so.

In the case of Seafile one could simply change passwords of any user etc.

But yes, crypto is hard and I agree that the way we did it at ownCloud is far
away from the best way. :-)

------
aespinoza
This article sounds like someone in OwnCloud wanted to build a box and not a
platform: [http://blog.jospoortvliet.com/2016/06/nextcloud-is-
replacing...](http://blog.jospoortvliet.com/2016/06/nextcloud-is-replacing-
owncloud.html)

Maybe NextCLoud is skunkworks: [http://mashable.com/2016/05/08/silicon-valley-
recap-skunkwor...](http://mashable.com/2016/05/08/silicon-valley-recap-
skunkworks/#YtS2jwIrKsq1)

------
mnutt
I'm curious to hear if Nextcloud is going to be rewriting the iOS mobile
client from scratch, since it's GPL and Owncloud owns the copyrights so is the
only one who can relicense for Apple.

~~~
jancborchardt
Most likely this is what needs to happen sooner or later. For now the existing
iOS app can be used of course since it can connect to any ownCloud/Nextcloud
server. Or any WebDAV app, for that matter cause we support open standards.

We will make sure though that this problem does not arise again since there
will be a Nextcloud foundation which is in full control of the copyrights.

Disclaimer: I am the former designer of ownCloud and moved on to Nextcloud.

------
NuSkooler
I've been using ownCloud for quite some time now with a handful of users and
many clients across Windows, Android, Linux, and OS X without any issues. This
is running in a FreeBSD jail.

I too wish it wasn't written in PHP as I'd be inclined to add features, but I
haven't had any of the issues mentioned in this thread.

What is the reasoning behind this new fork again?

------
fapjacks
Yeah, no shit! This is no surprise to me whatsoever. Owncloud has been stuck
in a rut for a _long_ time! I'm assuming that taking 90% of the top
contributors means they'll still be taking along a hefty amount of the
politics, but maybe with a fresh outlook this project will become competitive
again.

------
g1dv5ek8ctfymm0
Owncloud is NOT a backup solution, it is a remote access/sharing solution. At
least one client syncing to an account on the Owncloud server should have an
incremental backup solution. My personal setup is that my OSX clients backup
to a Time Machine. Easy peasy. If I have a server-side failure, I keep
motoring on, albeit without remote access/sharing until I get the server
fixed. If I have a client-side failure, I can restore to a prior moment in
time off the Time Machine or sync to a new client off of Owncloud depending on
the nature of the failure.

------
dang
There's a related post at
[https://news.ycombinator.com/item?id=11825815](https://news.ycombinator.com/item?id=11825815).

------
known
Reminds me of [http://lxr.free-
electrons.com/source/Documentation/virtual/u...](http://lxr.free-
electrons.com/source/Documentation/virtual/uml/UserModeLinux-HOWTO.txt)

------
adrianlmm
I implemented Owncloud in my workplace, but we had one problem that made us
uninstall it and create our own solution in Dart, the problem was that when
you share a file it doesn't preserve the file path extructure and that was
very important for us.

~~~
botw
extructure? why is that important?

~~~
adrianlmm
*structure, becuase every folder has meaning, if they share the document "law_2016.pdf" that is in the folder "/Enterprise_1/documents/laws/info" the folder structure has information about the context of the file in this case, they now is a document of law of the Enterprise 1.

------
smnscu
Seems like the code will be here:
[https://github.com/nextcloud/server](https://github.com/nextcloud/server)
(right now there's only an empty readme, committed 9h ago)

------
ausjke
After read the announcement I still can not figure out the reason to fork? I
tried owncloud and found it uses a lot memory and then gave up on that.

------
ichaib
As an Open source project, how should you handle such a situation?

