They already had their "Virtual Files" feature on Windows, which uses Microsoft's native implementation for OneDrive, and now, they are testing it for macOS using Apple's File Provider API.
What is the situation on Linux for this? Are there any other cloud storage providers that have this feature?
I cannot possibly trust Nextcloud again. I was very skeptical to begin with, because it's a rather large and complex project built on PHP over many years (call this a personal/subjective view). But what really made my decision was when they broke the ability to delete (and/or modify) encrypted files. [0]
Currently migrating from it (not writing any new files to it), but keeping it for read/shared files. The migration plan is to eventually move everything to a DS923 (Synology), with most files being mirrored on client machines and weekly offsite backups (encrypted). Would like something off-continent eventually but haven't given it any thought.
That bug seems to have been mostly (or at least partly) a configuration issue; E2EE and SSE were enabled at the same time, and they were not compatible.
Encryption on Nextcloud is a mess. Something about their update process is enormously fragile and its often pain to do (side note: I recently discovered there's a CLI updater, and that's definitely the way to go). I eventually just had to give up on E2EE and shut then whole thing off, which was also a pain because I kept running into errors. Fortunately everything is stored on my homelab and my users are all family so they don't care if I can see their files.
I really wish there was a high performance alternative with equally polished clients that didn't have all the enterprise "we need to make money" cruft.
I'm not sure if it'll work in the exact same use-case you use Nextcloud for, but Syncthing is really fast and works really well across upgrades and everything. The only exception being symlinks, and case-sensitivity in some edge cases.
I've looked at syncthing and the usage model isn't quite what I want. I really want a dropbox alternative, for my users' sake, as opposed to a decentralized synchronization service.
I use Synchting as a Dropbox replacement. My always-on TrueNAS is just another node, but functions as the "server". Synthing is great, it has a small footprint and works anywhere. I just set it and forget it.
> But after updating ... now it works, but I don't now why and I'm not sure why and if it will continue working properly. I cannot trust such a system.
That could be simply explained as being justification of their decision after the fact. OP may have already decided to stop using the software, so even when they were informed that the software was fixed, they couldn’t back down. It’s a perfectly normal reaction, but not necessarily a rational one. Therefore, we cannot assume it is reasonable to follow their example.
Where are you seeing they were informed it was fixed?
In any case, the relevant thing about that issue is two people reported running into a serious problem, months later it's still open with no information on what may have caused it.
A security issue like this happening even once in a production release is egregious. Their response in the first link was beyond pale. Horrible security issues happen, but that was not a remotely acceptable way to handle it in any project that's more than a toy.
Nearly the same issue happening again means they never bothered to set up testing for this and security just isn't something they pay any mind to.
> A security issue like this happening even once in a production release is egregious.
It happens to the best of software projects. If we write off using those, we may as well stop using computers.
> Horrible security issues happen, but that was not a remotely acceptable way to handle it in any project that's more than a toy.
We don’t know how they handled it. They may have handled the communication poorly, but regarding the security issue itself, we don’t know, because they didn’t tell us.
> Nearly the same issue happening again means they never bothered to set up testing for this and security just isn't something they pay any mind to.
You seem to be claiming that no software with any security features can have more than one security failure, ever.
Usually I'd agree with everything you're saying. Look at the actual issues and the discussion on the first GitHub thread.
> We don’t know how they handled it. They may have handled the communication poorly, but regarding the security issue itself, we don’t know, because they didn’t tell us.
And maybe the moon is actually perfectly spherical, as God intended, being a heavenly body and all and those craters we see are actually filled in with an invisible undetectable substance.
Sarcasm aside, notifying users of an issue in a timely manner is elementary to security. Trying to sweep it under the rug does not make inspire even the smallest sliver of confidence in how they'll handle their next issue.
> You seem to be claiming that no software with any security features can have more than one security failure, ever.
No, but I do expect that a project that lists security as it's primary advantage [1] to at least make an integration test to make sure that files in encrypted folders/sub-folders are, you know, actually encrypted. If _any_ project out there keeps having the same bugs, then no, I would not consider them to be serious people either.
I have a mandate from the business side that "there is no such thing as the cloud, only other people's hard drives", which I can't really argue against in good conscious, so we need to self-host just about everything we want to use. It would be really nice to be able to let the users run things like collabora online, or easily give them something that looks like Dropbox for certain kinds of files.
By correctly functioning, I mean that I can trust that it operates correctly (per the specs) and securely, or at the very least that any major issues are taken seriously by the team. (And getting it FIPS validated would push it over the line to _so_ much money.)
Have you looked into ONLYOFFICE Workspace Community? I plan to give it a spin soon. I too was dissillusiones after repeatedly having trouble with NextCloud, it seems they move to fast and try to cover to much ground at once.
Haven't looked at them since they included their own WebDAV server, could be very interesting, they were pretty much head-to-head with collabora when I tested them last, but Ascensio Systems' Russian ties give me pause given recent events. Even if nothing actually happens, incorporating it into our business practices and then them getting sanctioned would really suck.
Nextcloud has had too many longstanding bugs like the one that mangles metadata, breaks sync, and requires server side intervention to fix [1]. I don’t trust them to do normal sync anymore. There’s no way I’d take the risk of letting them encrypt my data.
They need to slow down on features before tech debt ruins their product (if it hasn’t already).
1. On Windows, at least on my system, setting an upload limit/automatic limit crashes the client regularly.
1a. Right clicking in Windows Explorer when Nextcloud is in that state causes it to crash as well.
2. Android auto upload feature for photos fails often.
For both of those problems I've found new and old, open and closed issues.
Thankfully I can work around #1 by not using any limit (sometimes annoying) and #2 by using a decent WebDAV client (FolderSync) instead.
I would be happy to hear what you think of ownCloud Infinite Scale, a go microservice implementation of the ownCloud WebDAV and sharing APIs. We are limiting ourselves to file sync and share, but integrations with collabora and OnlyOffice are there. Just don't expect server side encryption. It was only added to the oc10 codebase to prevent storage admins to read the data. It does not protect against evil sysadmins in the least. Imo an encrypted filesystem or overlay filesystem can be used to solve that use case.
If you need E2EE cryptomator works just fine.
That being said, oCIS does add other things to the table: for an out of box experience we bundle a small OpenID Connect Identity provider that should suffice for a small home lab.
And we now support parts of the libre graph API, which is an effort to build a federated graph API closely following Microsoft Graph. Obviously, our team focuses on file sync and share, but e.g. the Kopano guys are working on the PIM parts.
The team is busy preparing the next release and customer projects based on the new stack, but we are happy with what we have achieved so far.
I am definitely interested! I have some initial thoughts, and I'll post them on rocketchat as well later.
* It looks very competitive for people who use Nextcloud just for sync/share and don't want the cruft
* To be competitive in the homelab space, you really need a docker container!
* LDAP auth is a good start, but SSO would be even better; SAML is only available on enterprise, but not many selfhosters use that anyways
* I don't think there's much need for another OIDC provider in the selfhosting space; people are going to use Authelia, Authentik, or Keycloak anyways.
* Having an OIDC client that can use the above, which I already have set up, would be the best scenario
* Finding stuff on your website was not super intuitive; I wanted to see what's available in the community version (which I eventually found in pricing), and then I wasn't quite sure if that page is up to date for OCIS (ditto for the feature comparison page)
38 comments
[ 3.0 ms ] story [ 89.5 ms ] threadWhat is the situation on Linux for this? Are there any other cloud storage providers that have this feature?
[0]: https://github.com/nextcloud/server/issues/34744
https://github.com/nextcloud/server/issues/24240
I really wish there was a high performance alternative with equally polished clients that didn't have all the enterprise "we need to make money" cruft.
Unless they've really cleaned up their act, nextcloud just isn't suitable for real data.
I would pay _so_ much money for a correctly functioning WebDAV server, maintained by responsible professionals.
EDIT: looks like they have _not_ cleaned up their act whatsoever: https://github.com/nextcloud/end_to_end_encryption/issues/38...
That link states that is is fixed now, though?
> But after updating ... now it works, but I don't now why and I'm not sure why and if it will continue working properly. I cannot trust such a system.
In any case, the relevant thing about that issue is two people reported running into a serious problem, months later it's still open with no information on what may have caused it.
Nowhere. Where did I say they were?
Nearly the same issue happening again means they never bothered to set up testing for this and security just isn't something they pay any mind to.
It happens to the best of software projects. If we write off using those, we may as well stop using computers.
> Horrible security issues happen, but that was not a remotely acceptable way to handle it in any project that's more than a toy.
We don’t know how they handled it. They may have handled the communication poorly, but regarding the security issue itself, we don’t know, because they didn’t tell us.
> Nearly the same issue happening again means they never bothered to set up testing for this and security just isn't something they pay any mind to.
You seem to be claiming that no software with any security features can have more than one security failure, ever.
> We don’t know how they handled it. They may have handled the communication poorly, but regarding the security issue itself, we don’t know, because they didn’t tell us.
And maybe the moon is actually perfectly spherical, as God intended, being a heavenly body and all and those craters we see are actually filled in with an invisible undetectable substance.
Sarcasm aside, notifying users of an issue in a timely manner is elementary to security. Trying to sweep it under the rug does not make inspire even the smallest sliver of confidence in how they'll handle their next issue.
> You seem to be claiming that no software with any security features can have more than one security failure, ever.
No, but I do expect that a project that lists security as it's primary advantage [1] to at least make an integration test to make sure that files in encrypted folders/sub-folders are, you know, actually encrypted. If _any_ project out there keeps having the same bugs, then no, I would not consider them to be serious people either.
[1] https://nextcloud.com/compare/
I’d love to learn more. Can you explain what your use case is and what is “correctly functioning” in this context?
By correctly functioning, I mean that I can trust that it operates correctly (per the specs) and securely, or at the very least that any major issues are taken seriously by the team. (And getting it FIPS validated would push it over the line to _so_ much money.)
They need to slow down on features before tech debt ruins their product (if it hasn’t already).
1. https://github.com/nextcloud/desktop/issues/4378
1. On Windows, at least on my system, setting an upload limit/automatic limit crashes the client regularly. 1a. Right clicking in Windows Explorer when Nextcloud is in that state causes it to crash as well. 2. Android auto upload feature for photos fails often.
For both of those problems I've found new and old, open and closed issues.
Thankfully I can work around #1 by not using any limit (sometimes annoying) and #2 by using a decent WebDAV client (FolderSync) instead.
I would be happy to hear what you think of ownCloud Infinite Scale, a go microservice implementation of the ownCloud WebDAV and sharing APIs. We are limiting ourselves to file sync and share, but integrations with collabora and OnlyOffice are there. Just don't expect server side encryption. It was only added to the oc10 codebase to prevent storage admins to read the data. It does not protect against evil sysadmins in the least. Imo an encrypted filesystem or overlay filesystem can be used to solve that use case.
If you need E2EE cryptomator works just fine.
That being said, oCIS does add other things to the table: for an out of box experience we bundle a small OpenID Connect Identity provider that should suffice for a small home lab.
And we now support parts of the libre graph API, which is an effort to build a federated graph API closely following Microsoft Graph. Obviously, our team focuses on file sync and share, but e.g. the Kopano guys are working on the PIM parts.
The team is busy preparing the next release and customer projects based on the new stack, but we are happy with what we have achieved so far.
Just drop by in our https://talk.owncloud.com/channel/infinitescale rocket chat and let us know on GitHub what you think.
I'll go back to my vacation
* It looks very competitive for people who use Nextcloud just for sync/share and don't want the cruft
* To be competitive in the homelab space, you really need a docker container!
* LDAP auth is a good start, but SSO would be even better; SAML is only available on enterprise, but not many selfhosters use that anyways
* I don't think there's much need for another OIDC provider in the selfhosting space; people are going to use Authelia, Authentik, or Keycloak anyways.
* Having an OIDC client that can use the above, which I already have set up, would be the best scenario
* Finding stuff on your website was not super intuitive; I wanted to see what's available in the community version (which I eventually found in pricing), and then I wasn't quite sure if that page is up to date for OCIS (ditto for the feature comparison page)
Oh and enjoy your vacation!
https://hub.docker.com/r/owncloud/ocis
https://seafile.com
Because enterprise hardening and reliability are their primary focus.
Also does self-hosting.
https://owncloud.com/compare-filesharing/owncloud-vs-nextclo...