As an admin of a 500 user instance I'm having mixed feelings about Nextcloud. Sure it's GPL and free and it got a lot better than the old owncloud mess that broke always but it's still somewhat a gamble. My install is just a no-warranty, non-commercial use case and I wouldn't use it for any large commercial installation without having at least one dedicated and skilled PHP-dev on-site.
I came to resent their marketing blog posts. If you look it's just an alpha version that just got hacked together, often with problems, often not fixed long after the release. There still lot's of serious bugs in end to end encryption for instance.
There does not seem to be a lot of work to improve the base features. Syncing, ACLs, User Mangement leave a lot to be desired. It's not easy but they are in a position where they really could be a perfect solution for a lot of people and probably also charge good money for it - but at the moment it feels like they just build alpha-grade fancy addons.
Me and probably most users would love a no-feature, we just fix the most serious bugs on our github issues release-cycle. I'm fine when it's called Nextcloud 16 and takes a year, hell take your time, but basic functionality should be rock solid.
I also don't get why they ignore the existing open-source ecosystem. Make it possible to integrate SOGo for Calenders and Mail - it's all webdav in the browser anyway. SOGo at least has somewhat working ActiveSync. Same with SAML/Shibboleth/Kerberos - some things got fixed, very late. No deployment story for Active Directory or even Linux.
User management is a mess - the Circles app is a good idea that is crippled by usability and functionality bugs... that possibility to have self-selecting groups and decentralized management is a huge win for them, but they don't seem to realize that this is an important use-case.
Nextcloud is very close to what would be ideal for a lot of smaller organisations, but they somehow are unable to polish what they have but decided to pile alpha-quality on alpha-quality code (and ignore the bug reports)...
That beeing said, it mostly works but your users won't be happy.
Let's be honest, if we did a release with only stabilization, it might get us more users. Not more customers. And it is customers who pay for the development.
Everyone asks us to focus "on the basics" and then claim their pet feature requests are, of course, basics. ACL's and user mgmt in your case, perfectly fine features, but features nonetheless.
In the end, our development is guided by the community and customers. If you're not either, we might not do what you want... That's the reality of any open source project.
And you're right, for a large installation, you should obviously get an onsite engineer, or, much better, a contract with us which is both cheaper and better. That's what most larger installations do, and that is how we earn the money to make Nextcloud better.
WRT the E2E, that sadly took a whole lot longer to get working than we had expected. Of course, if you think it is important or need it, time and money can speed it up, we have only so much of those.
I use Nextcloud and it is an integral part of my life, but your current set up does not allow me to pay you, as it focuses only on enterprise use case.
If I may make a suggestion, could you make a page for donation, and then you can have a "put your donation to Nextcloud to the following uses:
- New features
- Stablilty
- Android Client development"
I think you get the idea. I would very happily donate if I was given the option to.
Its a larger frustration with a lot of open source projects though. I'd love to throw some money to say thanks, but its either really hard or convoluted. The easiest way I have found so far is with android ones, I just buy the paid versions on there.
The main issue with that is that it simply doesn't provide anywhere near enough money to pay a real team.
Our forums, for example, have about 17.7k users according to help.nextcloud.com/about
Let's say we get ALL those users to pay 10 bucks per year. Not going to happen, of course - but let's say we put in a lot of effort there. That can pay for 3-4 developers. We have 25. Should we really spend time on that? Or spend that energy on getting a few big customers who pay 100K each?
We have explicitly chosen not to even TRY to monetize any installation under 50-100 users.
That means we don't try to squeeze money out of small businesses and home users (for example by not fixing issues for those users to try and get them to sign a contract). Instead, our incentive is to make Nextcloud easy and good enough that anyone <100 users can just use it without needing us. Because then 1. they don't ask too many questions on our forums and github and twitter etc and 2. they advocate for how great Nextcloud is to our real potential customers: businesses with 500 to 50 million users.
Of course, if community members want to donate or if contributors want to earn a cup of coffee, there's always https://www.bountysource.com/teams/nextcloud
But our employees aren't allowed to take money out of that, they have to donate it back to issues they/we care about.
I understand and very much respect your prespective. If I was in a company that could use your software, I would point them to you.
If you don't mind from a single home user, my prospective was: I really like Nextcloud, I want to at least send some money your way. I know it won't sustain you, but for all your software does for me, I feel like I can donate. I go to your website, I look at pricing, and the lowest pricing I saw was 1900 euro for 50 users. I didn't even know bounty source was an option.
Now that I know bounty source exists, I will send money on that. However, may I suggest to put bountysource on your main website so folks like me can at least support you (or if your employees can't take money out of it, give folks like me a way to give you money)? I get the fact that running on that won't sustain a business, but I would like to think that if users saw that on your website, you would get more money that way.
Or maybe for a thought too, I brought up Android on the previous one. I forget which app I had, but they had a paid and a free version. I looked at the paid version, and it said something along the lines of "this version is no different than the free version. However, if you would like to support us, please consider buying our paid version." Their monaterization was not more intrustive than that. I bought the paid version, because I knew the money would go to the developers.
If perhaps you doing any monaterization is too much if a pain that it isn't worth it (or you don't want to alienate anyone, or perhaps if people pay then you have to support and its too costly), I understand. However, I would like to think you would get some return on investment by some simple non-intrusive ways to monatize your product.
And since I didn't say it before, thank you for the software. I know I can't give enough back to sustain your company, but your software is in my daily workflow and is an amazing product. I have also been responsible for getting several other people to use it on a daily basis, and they depend on it as well.
Why do you say that a release with only stabilization brings you more users but not customers? Wouldn't the quality word-of-mouth convince more businesses to switch? And I assume they need professional support anyhow, don't they?
Another Nextcloud enthusiast and (very small) contributor here. Thank you for the awesome work you and the team do :)
Thanks for your work on Nextcloud! I really appreciate what it does. Also thanks for taking the time to answer my rant ;)
On a positive note: Just upgraded to Nextcloud 15 without any issues in a few minutes. I feel it's getting better with every release. You put in a lot of work and I recently logged into an Owncloud 8 install and it's a night and day difference.
I'm also aware that you owe me nothing. I'm fine with that. It's a discussion forum here and I just wanted to write down my experience. I'm sure you'd rather see solid pull requests instead of unwanted advice. Mea culpa.
It would be more fair to compare the LATEST Nextcloud with the LATEST ownCloud.
Both projects are going strong!
Nextcloud is more community-focused, ownCloud is more enterprisey.
I'd argue the opposite, actually, ownCloud is betting on providing hosting for small and medium businesses, while Nextcloud targets large businesses.
And that is what reality shows. Nextcloud has far larger customers than ownCloud, which breaks down at instances over 50K users. The only large-ish oC setup is actually a bunch of separate universities.
Nextcloud is far more scalable. Thanks to Global Scale, our largest installation has tens of millions of users on a single instance, and customers like the German government (300K users) wouldn't be able to work with oC unless they split up their users and create silos.
GitLab seems to suffer from a similar conundrum, and they also seem to have gained a reputation for being unstable. Which is sad. In my experience, GitLab is very stable, nowadays, but it will probably never fully recover from its first impressions for some people.
Thanks for your comment, we really appreciate your feedback about GitLab. Our team is working hard on improving the availability and stability of the platform. Our goal is currently to achieve 99.95% availability on GitLab.com.
According to Pingdom, over the last year our availability has been 99.81%, although this includes the large (multi-hour) maintenance window on 11 August 2018 when we migrated GitLab.com from Microsoft Azure cloud to Google Cloud Platform (GCP).
Since the migration, our availability has improved greatly (caveat: we obviously have much less data than from Azure).
There are multiple reasons for this improvement. We chose Google Cloud Platform because we believe that they offer the most reliable cloud platform for our workload, particularly as we move towards running GitLab.com in Kubernetes. It is worth pointing out that we also used the migration as an opportunity to improve our infrastructure, simplify some components and otherwise make things more stable and more observable. Finally, we've also been focusing on building the infrastructure team up, having hired many new team members over the past few months. This means that the team has been better able to balance the job of running GitLab.com with making it more stable.
Spot on. As an admin the saml situation was a nightmare: it took so long for them to update the saml library, so for a time it wasn't even compatible with their docker images because the library version they were using required mbstring, while many moons ago an updated version of the lib was released upstream without the need for mbstring. I still can't get ss-logout to work either.
We use SOGo as well, and at some point I will get around to integrating SAML into sogo, so at least when users click on the "external sites app" icon for SOGo, they'll be signed in automatically. Either that or add support to use external contacts and calendar dav servers.
I feel like in general there will come a point where PHP's execute and die model won't do. I really wish they'd implement some sort of backend daemon to carry out long running tasks.
My knowledge is a year or two out of date, but I think “it’s all just webdav” is part of the problem, and they sort of painted themselves into a corner by using it as a protocol. They ended up with a bunch of extra API hacks on top of WebDAV for things like multiparty uploads, and things still go wonky if you try to connect a random WebDAV client to it.
I built an ownCloud file storage replacement that worked with their front end client, while it was all technically WebDAV, syncing issues were a nightmare. I have a great amount of respect for how much effort they put into getting WebDAV to work, I just think it’s not not as solid/specified a protocol as one would hope.
Of course, you lose support for 2FA, have crappy notifications and activity feed and so on, plus it is entirely unsupported so I'd recommend against that...
While there is certainly a point about electron apps wasting resources, an electron app would be a lot more maintainable and the GUI could be improved a lot.
For example it's impossible to know which errors are actually a problem, and if synchronization was successful or aborted. Some of the progress information is in a tooltip which changes a couple of times per second.
I had to deploy Nextcloud at work for a couple dozen users and it was a nightmare. There was zero response to any bug reports / questions I had. I even tried to get commercial support, and they wouldn't answer.
The client is effectively a black box, and we can't even get synchronization to work correctly. Some of it certainly is the fault of me or the users. But some of it probably isn't, and it's hard to tell the difference, what with nobody responding to bug reports.
Sorry to hear about the bad experience, that shouldn't happen. We explicitly design Nextcloud to be seamless for small installations like yours - but if you need support, you can simply purchase it directly on https://nextcloud.com/enterprise/buy/ so you don't need to wait for sales people. We'll fix your issues for sure.
Keep in mind: using a bog-standard LAMP stack is your best bet, but you can always add the 1-day installation help to let an expert guide you through the decisions on how to integrate in your infrastructure. We have hundreds of customers with literally tens of millions of users deployed, so by now pretty much every problem has been seen and can be fixed ;-)
Oh, I can totally recommend to my boss forking out at least 2000€ for commercial support by people who take two weeks to respond to any sales requests without knowing if these problems are actually fixable...
Don't use the old ownCloud mess, use the new one. I'm currently running ownCloud 10 and it works great. The stability and architecture of the project have really improved in the last years.
It seems to be scalable too, when you look at the big organizations running ownCloud. All the know-how and feedback of the big instances is flowing into ownCloud, not nextcloud. Speaks for alpha-quality.
I have not tried the migration from nextcloud to ownCloud yet, but it should not be too hard.
ownCloud seems to be going for hosting small and medium sized businesses, I'm not sure what that means for big organizations in the future.
Our customers tend to be bigger, actually. Like the German federal government with 300K users, companies like Siemens, german Radio & TV stations (transferring over 1TB/day!). Our biggest deployment (in a single instance) is over 20 million users - see nextcloud.com/globalscale for how we pull that off. ownCloud has no equivalent solution for such installations and breaks down at about 50K users.
For home users or very small businesses, the difference might not be that big but the migrations we do for customers show time and again that there is a big improvement in performance and reliability, especially on large installations.
Try logging a support ticket on portal.nextcloud.com. LDAP is an enterprise feature so it is an area where we strongly focus on customers and their issues first, and if none of our customers experience this problem it can take a long time to get resolved as we're always very busy...
My guess he is referring to https://github.com/nextcloud/server/pull/12693, which sits there as a pr for 16 days now (even though it was opened from one of the nextcloud core team afaik).
This. Their sync on android sucks big time. I go to my gallery, select 20 pictures and send them to Nextcloud, only to find only 5 of them have been actually uploaded. It happens every.single.time. Gonna switch to Seafile really soon.
Can't confirm this experience. I have auto-upload enabled, and I've never had any issues with my pictures not syncing. Did you check the upload status on your phone during this time? Pictures can get very heavy, and it might just need more WiFi time to upload 20 of them.
I do see some issues with really large files. Files over 50Mb. My server has limits imposed and the resulting error is not communicated back to me on the app. The app merely states "Failed to upload". For me, this is the only issue I ever get, but without knowing the cause it does feel very "random".
In my case, I managed to track it down and, by knowing what causes the sync issue, I can avoid it, or ignore it.
Could be that grandparent has this issue too bu her/his server is set to much lower limits even?
All depends on your server and settings and network of course... But the mobile clients could probably do more uploads in parallel, like the desktop client does.
Just keep in mind it uploads the original files, not, like eg whatsapp, downsized, compressed one that is 1/10th the size...
Not sure why you’re downvoted - those are legitimate questions.
I’m on a local network over WiFi. The “server” is a RPi3+ with an extrernal USB 3 drive. Granted, I don’t expect it to be blazing-fast, but not 3-5 pictures-per-hour slow either.
Something is fundamentally broken on the iOS app especially since both the Windows and OSX clients are much faster (same network).
3-5 pics per hour is indeed insane, that is a certainly some bug. Especially if it is iOS specific. Be sure to file the bug with as much info as possible (see if you can probe network activity or just see if the app uploads a file and waits for 10 minutes or something...)
We do very frequent releases so perhaps it'll just be fixed at some point ;-)
Thanks, I appreciate it. I may try it again now that you said that - it’s been a solid year since I installed it (version 10?) right after the split from OwnCloud.
I often find myself in your shoes in my daily work - answering frustrated users’ emails - but it’s funny how when the tables are turned, I am reminded how something as simple as “we fix stuff frequently, and sorry for the problem” makes a huge difference in product perception.
Also, it’s a free product, you don’t owe me an apology at all, but thanks!
A possible cause is that not all file systems support the same character sets in paths, so syncing can fail due to invalid names. In this syncthing issue, someone mentions that e.g. Hangouts inserts colons in image names: https://github.com/syncthing/syncthing/issues/1734#issuecomm...
Maybe Seafile somehow found a good solution that doesn't cause breakage in other places. Any specific reason you want to switch to them?
I can tell you as a Seafile user it's pretty slick. There mobile app is polished, and there core offering is stable. Been running an install for years and I've never had issues through many upgrades and iterations on the same install.
From a server admin perspective, they support docker natively and there support of WebDAV and FUSE give you a lot of flexibility in how you can leverage the software.
I'm interested to know what problems you've had with the sync clients. In my household we use it on a mix of windows, Linux, Android, and iOS devices and it's extremely smooth.
One nice little problem is that in my installation we have a couple of zombie files. Whenever we try to delete them, some users' clients doesn't want to delete it and reuploads it. Short of resetting and redownloading these clients' sync state, nothing else has worked to resolve this issue.
Sync problem on android nextcloud app - it was very slow, showed zig-zag pattern on bandwidth usage. That bug was solved but nextcloud app still does not utilize all of bandwidth.
Can not fail and resume, basically there can be months of pictures lost since it resumes, crashes dies, does not resume next time. The android app that is.
Disclaimer: I fixed some of these bugs, so seeing the source-code was repulsive enough, but there just isnt anything else better as far as I know.
It is more of a toolbox for building NextCloud or anything else. But all the components have been tested on all platforms and work (and are secure). It has a working, fully documented plugin API.
I was all excited to set up Next loud on my Raspberry PI. Got it up and working and then I found out that it doesn't do two-way sync, which was what I was hoping to use it for.
I wholeheartedly agree that they should focus on more important features.
I use nextcloud in my home with a mix of clients, all working on the same files. Changes propagate up and down to/from all clients. Maybe you mean something different?
edit: I thought they were talking about ActivityPub since the issues look similar to ones people raise about it. Whoops.
-
I am of two minds here:
1. Minimal specification worked for HTTP.
2. Most problems with HTTP come from it being minimally specified.
ActivityPub is exploding the way HTTP did. At worst, it's as imperfect as HTTP. At best, it's a way to get people used to federation for whatever comes next and improves on it.
Sorry, we don't offer that. We focus, instead, on paid support for larger enterprises, ideally well over 100 users. This way we don't get tempted trying to monetize home or small enterprise users, but instead have an incentive to provide them something that works out of the box so they 1. don't ask questions on the forums/twitter/etc and 2. advocate for what a great solution Nextcloud is!
So, it should 'simply' be good enough for home and SMB users. If it is, we failed, and I'm sorry for that and hope we can fix it!
Of course, nothing is ever perfect, especially given the unlimited ways people use Nextcloud and the hundreds of thousands of Nextcloud servers out there...
End user of NC here, have it setup on a little Digital Ocean droplet. I switched from OwnCloud shortly after the fork, and sync contacts/calendar/notes between my desktop and android. Pleasantly surprised with how well things work.
My favorite thing to do is upload a short video from my phone, and send my family the share link. Much better than uploading to YouTube / Facebook. I also do photography, and love how easy it is to share a gallery in a few seconds. When I'm done in Lightroom, I just export JPGs to the directory, and copy over the share link to the gallery app. Great user experience!
I'm glad NC is continuing development, and it's interesting that they're adding federation to the client, but I'm not sure it's a feature I'd use. Though I'd like to setup a mastodon instance for myself, there's too much docker/nodejs bloat and hastle, and I've yet to successfully get an instance online. (Even if I did, I'm not sure I'd use it very much.)
I started using NC for docs and calendar. Really happy with it. things work great and sharing things via links works great. Especially like how you can add expiry to shared links.
I'm not an expert in cloud envs, but I have set up a run machines in GCP and consider myself capable. I had a really hard time finding a guide for setting up NC in a GCP VM and following the instructions. When I ultimately wound my way through them to the point of testing something, I hit a brick wall regarding some kind of auth, if I recall.
Similar situation here. I'm wondering if this might be enough to stop me from trying my own Mastodon instance. Might be nice to not have to support even more platforms.
How will these systems defend against spam, click farms, troll armies, and AI assisted or powered sock puppeting when they get big and/or influential?
This is usually what kills federated and decentralized communication platforms. They can work fine as long as they are too niche for bad actors to target, but as soon as there is money to be made or political influence to be had from targeting them they are destroyed by abuse.
It's a major threat for the centralized platforms, and those are easier to defend.
Today's Internet is a battlefield in a global information war and new systems must be designed accordingly. Unfortunately most efforts that I see in these areas still make optimistic assumptions and underestimate the sophistication and determination of bad actors.
Instances that don't police this get silenced or defederated. Much of the fediverse is made up of small invite-only instances that share information on bad actors like this. The bigger ones have mod teams and are generally run by people who don't equivocate on keeping bad actors to protect ad revenue.
edit: This is, at a minimum, a good experiment to see if these kinds of propaganda are inherent to social media or only possible because ad-funded silos are loathe to ban obvious bad actors and not enable them with their tools.
I'm on the side of blaming Facebook and Twitter. They didn't create propaganda, but they sure did make it cheap and easy.
That's a start, but my concern is that the volunteer militia will get swamped and burnt out when the real attacks come.
Right now Mastodon and other ActivityPub platforms are too small for a Cambridge Analytica / Russian FSB or other similar caliber actors to bother with. Twitter, Facebook, Instagram, etc. are where most of the users are so that's where most of the effort will go.
If these platforms ever "tip" into mainstream adoption, prepare to be targeted by organized crime gangs running financial scams, nation states, corporate PR firms, and other organizations with hundred million to billion dollar budgets.
What I really wanted to do was to stress the fact that this is a battlefield. One of the trends I see in the early 21st century is the dematerialization of warfare. Wars can now be fought entirely online. Governments can be toppled. Economies can be destroyed. Corporations can be imploded. All this can be done with a mixture of cyber attacks and propaganda. As a result we are seeing the redirection of military budgets toward these things. The sort of spam and amateur brigading that most volunteers are used to dealing with on social forums and platforms is nothing compared to what the big social media platforms are facing now and that is nothing compared to what's coming. Billions of dollars are currently being spent by PR firms, advertisers, and governments to develop increasingly advanced AI and big data powered propaganda platforms to weaponize the Internet. In the future we'll probably see fully automated AI driven propaganda, what I've started calling "con artistry at scale."
Federated and decentralized platforms are very vulnerable in ways that silos are not, and this has to be thought about. It's easy to create quiet apparently friendly and normal Sybil nodes that passively suck down data and then use that data to mount active attacks from other directions. Volunteers may fight active attacks, but they may have no way of knowing which apparently normal nodes are actually passive participants in those attacks. Also keep in mind that "attacks only get better." With each attack the attackers learn, and it's generally easier to attack than to defend (in cyber-security in general, not just here).
I'm on masto regularly and the community is much more pleasant there (than say Twitter). A lot of users attribute that pleasantness to decentralization. I call BS. It's because it's a tiny self-selected group that wants the opposite of what Twitter provides.
You're absolutely right: once this tips, and people join because that's what you have to join to talk to people and not because they're looking for a real change, then it'll be unbearable.
The best thing that can happen to fediverse is that it will continue to grow incrementally, so that at each step they can see the missing moderation tools and build them before it all blows up.
Personally I think we'll look back on these massively open networks where everybody can reply to everybody as an anomaly.
> Personally I think we'll look back on these massively open networks where everybody can reply to everybody as an anomaly.
It's cyclical.
- The internet and online communities (BBSes) started out decentralized.
- Then came AOL / Compuserve / etc. Centralized platforms.
- The web broke up those platforms and shuffled everything around.
- Then the current Google / Facebook / Twitter megaplatforms arose and that's the state we're in.
So it's logical that we're ready for a decentralized cycle but over time, users will forget why decentralization is good and another big platform will rise.
I have found this silly WRT "there are no viruses for Linux because no-one uses Linux" too.
If it is small, the attack is going to be much cheaper too. You don't need 24/7 active armies of trolls, you need one, maybe two parttimers to attack a small mastodon service.
My argument is that at all moments the attackers will weight benefits and costs. Currently, apparently, the costs to infiltrate, spread fake-news, or troll is too high.
This is caused by both the size of the attacked community (the benefits to the attackers are low) but mostly due to the attack being hard enough to not implement it.
> My argument is that at all moments the attackers will weight benefits and costs. Currently, apparently, the costs to infiltrate, spread fake-news, or troll is too high.
This is essentially restating the argument you find silly :). Linux didn't have viruses, and Mastodon doesn't (yet) have paid troll armies, because in both cases, why go to all the effort there, when the same effort on the popular platforms can yield you orders of magnitude more gain?
I don't think the important question to ask here is if it can survive, it's how can it survive. These sort of tools should be in the commons anyway, just like social media.
Monolithic social media is not sustainable and often times quite harmful because it optimizes for engagement. The Fediverse will deal with this one way or another, worst case everyone switches to whitelisting.
I've been in favor of adding a limit - once you can remove by deleting a few lines of code of course - to the number of users an instance can hold. Purely for symbolism. It worked when Elasticsearch was added to Mastodon and a "viewable_by" property was added so you could only search for things you had engaged with.
I totally agree. I'm not trying to poo-poo this stuff, just trying to ask some questions. I'm asking in part because I'm curious about what has been developed and what's being contemplated for the future.
I think one promising avenue is to start doing our own work in AI / deep learning powered countermeasures against attacks. AI doesn't replace humans (yet?), but it does augment them. A citizen militia vs. an AI-augmented propaganda army would be toast unless the citizen militia is also leveraging the force multiplying power of AI.
Given the agility of small actors at innovation, the citizen militia might actually end up with better AI than the PR flunkies and propaganda mills.
> Federated and decentralized platforms are very vulnerable in ways that silos are not, and this has to be thought about.
It's funny because current FLOSS decentralized platforms are so horrendously designed, hopelessly unscalable, and obviously unmaintainable that the silos like Facebook and Twitter should be decades ahead in their ability to eradicate nation-state trolls and sock puppets.
Yet look at the recent NY Times article on Facebook-- their Republican lobbyist said they couldn't publicly release the results of their 2016 election investigation because his own mother had friended one of the Russian trolls revealed by their chief security officer. And we only know any of this because of leaks.
And that's apparently after their security officer ignored the board and legal's advice to stop investigating!
So right now you've got two choices:
1. silos with a business model that prevents effective defense of users from the attacks you describe.
2. poorly designed/conceived decentralized FLOSS thingies that will probably fail in ways similar to Debian's openssl RNG/valgrind debacle.
Debian eventually fixed that bug. How do you predict Twitter/Facebook will fix their business models?
Given the kinds of communities that have flocked to the fediverse the past year, moderation tools have always been a top priority of apps adopting ActivityPub. Features have been killed due to the potential for abuse, too.
My hope is that as the fediverse grows, support becomes a must-have feature for any new social site/app. A nascent social site doesn't need to attract an initial core community if it can plug you into one that already exists.
In the other hand, as a home user I like to be able to install only one base system (Nextcloud) and use it for all of my online life. This will free me up from setting up yet another system (Mastodon etc) only to host my social networking needs.
And this is implemented as a separate app, so you can dismiss it if you don't need it.
Most of those features are optional. So if you don't care about some functionality just uninstall the specific 'App'. Sure that is not as secure as not having those Apps in the first place, but I think, in general, Nextcloud is moving into the right direction, as many of their use-cases require a tightly integrated but wide set of features.
> Most of those features are optional. So if you don't care about some functionality just uninstall the specific 'App'.
That's true, but unless there are new developers joining to create/support these apps the addition of these new features may spread the developers too thin. Personally I'd rather have a robust set of smaller features than a buggy implementation of a lot of features. The latter is okay if it's just a "for fun" type of project. But I use nextcloud to keep my calendar/contacts/file-sync, so it's really not okay if the core functionality is unstable. So while I can uninstall these apps, I personally worry that it means less attention will be paid to the core features.
That is like saying ice cream makers should focus on the 'core' tastes, claiming that that is banana and vanilla because you like those.
For you calendar and contacts are core for a file sync and share software? Above somebody also asked us to focus on 'core', meaning adding ACL's and probably dropping the calendar/contacts.
So it's like the fable where god decides to ask people what weather they want and everyone wants something different so he decides to go back to doing whatever the fuck he wanted. We just keep letting ourselves guided by contributors and customers...
> That is like saying ice cream makers should focus on the 'core' tastes, claiming that that is banana and vanilla because you like those.
From my point of view, I'm suggesting the ice cream makers should stop trying to make paninis to go with the ice cream and instead focus on making sure the ice cream cones don't have holes in the bottom.
I nearly lost all my files because server-side encryption went wonky. That's core functionality that should, imho, be fixed before going off into ActivityPub.
More generally, I have trouble being enthusiastic about "We added activitypub" focus because of what it seemed to do to MediaGoblin. That project seemed to be chugging along and making steady progress until it seemed they focused a lot of their energy into ActivityPub. Since then, MediaGoblin hasn't really had any of its functionality updated, as far as I can tell. They certainly don't seem to have released a new version in over 2 years.
All for avoiding Panini's, but we're a Content Collaboration Platform - and Nextcloud Social fits certainly well in that.
WRT server-side encryption, it gets work all the time, though it is mostly an enterprise feature that gets love when enterprises pay for that. Very few volunteers work on it, if any. Help is of course welcome, in the end - either somebody pays for it, or somebody puts in free time.
This is true for every open source project, of course.
WRT MediaGoblin, no worries, it isn't like Nextcloud Social has all our attention. I guestimate it is at most 5% of our engineering time, if that. That is enough to make it work and improve it release over release, and we'll put in more if there is customer interest or lots of community contributions, but we always start such new things small. Talk started as a night-long-hacking-to-prove-it-could-be-done and now has 3-4 engineers on it full-time, because customers want to pay for it. Which also means it doesn't take away from other things - if we didn't do it, we simply couldn't afford these engineers in the first place. It isn't like they would work on server-side encryption ;-)
To be fair, most of the extra features (including this one) are apps that you either have to enable or can disable.
And even though I initially installed Nextcloud as basically an FTP alternative too, I absolutely love how I've been able to migrate my contacts and calendar over (away from Google) with basically no hassle.
It is all apps. You can even disable sharing. Heck, you can disable the Files UI...
Note that most people use Nextcloud to work with others and features like these are crucial to their productivity. In the end, we're guided by community contributions and customer demand... Luckily you can disable things you don't like :D
« and soon Diaspora are part of this same network [ie. ActivityPub] » — I was surprised to read that, and after a quick check, it's not looking like it'll happen anytime soon, sadly.
diaspora* is one of the most famous and successful open, federated social networks out there, yet it does not implement the protocol which is gaining unprecedented traction across a large number of implementations. Hopefully, Nextcloud implementing ActivityPub is yet another reason for diaspora* to follow the move.
Is it really? Not being snarky here, but I joined diaspora early on and a year or so after the untimely death of the co-founder the project felt like it was going no where. 6 years later it feels like I never hear anything about it, and ActivityPub is almost a must for any serious "open" social network now.
Sounds great, but honestly I hoped that federated calls would finally make it...
I mean, Federation is a core feature of Nextcloud and instead of finishing the work on Talk, we have a second (probably similarly incomplete) feature now, which needs to be polished for the next major releases.
I don't want to be negative here.
I love Nextcloud and the work that is being done around it! It is just that sometimes I wonder about the priorities and in this case, I wish improving existing things would have come before introducing new things.
Besides that, I am quite excited to try out the new social features :-)
I really like the upspin approach for federated self-hosting of userdata (for lack of a better term) in that it builds a platform for it that apps like nextcloud and others would build on top of.
I'm not saying its the right solution, but I think trying to get the layers right to make self-hosting a wider and more reliable reality is only going to happen by building the right opensource platforms/components first.
Yup. Also, VC funding? Heck no, we started Nextcloud because VC funding had bankrupted and blown up ownCloud... I mean, seriously. It is now owned by a German real estate agent...
I have been using NC for a few years now and I am mostly happy with it. Contacts, calendars, sharing, photo auto uploads all work with my Android phone.
My problem is the software is pretty slow and from a security perspective I'd be hesitant to expose it to the greater internet. That's just my gut feeling.
I feel the same. Basically, I wouldn't like to publish the address of my personal Nextcloud server to anyone (unless I am sharing a file privately with a friend). Fortunately, the social features are not built into the Nextcloud core, rather they are in a separate app. So we can just forget about it if we don't like it.
If you're not sure about the security you can firewall it of course, but keep in mind we pay 5K to anyone who can find a remote execute vulnerability in Nextcloud (and smaller amounts for smaller bugs).
my org just moved to FileCloud from NextCloud and it's working out so far. FileCloud is not opensource. but the base functionalities are solid especially sync and user management.
What do you mean by "not on the web"? It is accessible on the web. Everybody with a web browser can see public posts and replies. For writing new posts, you need an account though. Here is the public account of Mastodon's founder: https://mastodon.social/@Gargron
I can’t post or reply by creating a web page, and identity is not email or dns, but specific to whatever mastadon instance I register with.
I already have a domain, blog, and email. Posts, replies, likes, etc. But mastadon doesn’t work with the web, or my existing web identity - instead it’s entirely based on federated ActivityPub servers plus various extensions.
So get a blog that complies with ActivityPub or host a Pleroma instance with an account that mirrors your blogposts / posts them on the fediverse. Shouldn't be hard.
Go has much better concurrency, networking, and packaging capabilities. NodeJS can be used for both, front-end and back-end, including iOS / Android. Clojure(Script) provides more than Go and NodeJS combined, but was too new at the time. Even Python would be a much more powerful choice than PHP for anything, that is not a simple LAMP application.
Most of your points are irrelevant (packaging, JS as a compilation target, mobile development) as they do not support your argument that PHP would be inadequate for the task at hand. You seem not to like PHP, which is fine, neither do I, but this is not conclusive.
I have spent many years doing PHP development and still do, but the only technical people I know who pick PHP for new projects are the ones, for whom it's the only programming language they know. Therefore, my trust in their all-around competence is very limited.
I downvoted you because PHP is a perfectly fine choice. All web scripting languages are cross platform and work perfectly fine, there's no one right language.
I have to tentatively agree... I would think that Python, NodeJS and Go would all be better options. Node would have the benefits of similar tooling for the UX/UI side as the backend, Python would also be scripted with more consistent constraints and Go was designed for this kind of workload.
NodeJS didn't exist, Python is slow and Go scales fine on ONE server but doesn't scale horizontally very well... while PHP scales perfectly that way. It has downsides, which is why we pick other languages for some components (our Spreed High Performance Back-end for Nextcloud Talk is written in Go, our app store in Ruby).
But talk was initially written in Go, which made it harder to install, so we actually rewrote it in PHP... There's a lot of value in having a built-in app store that is easy to use from the web UI. There is a reason why the web runs on PHP. And it isn't because it is perfect, but it has some neath advantages that just help in many scenarios.
I came to resent their marketing blog posts. If you look it's just an alpha version that just got hacked together, often with problems, often not fixed long after the release. There still lot's of serious bugs in end to end encryption for instance.
There does not seem to be a lot of work to improve the base features. Syncing, ACLs, User Mangement leave a lot to be desired. It's not easy but they are in a position where they really could be a perfect solution for a lot of people and probably also charge good money for it - but at the moment it feels like they just build alpha-grade fancy addons.
Me and probably most users would love a no-feature, we just fix the most serious bugs on our github issues release-cycle. I'm fine when it's called Nextcloud 16 and takes a year, hell take your time, but basic functionality should be rock solid.
I also don't get why they ignore the existing open-source ecosystem. Make it possible to integrate SOGo for Calenders and Mail - it's all webdav in the browser anyway. SOGo at least has somewhat working ActiveSync. Same with SAML/Shibboleth/Kerberos - some things got fixed, very late. No deployment story for Active Directory or even Linux.
User management is a mess - the Circles app is a good idea that is crippled by usability and functionality bugs... that possibility to have self-selecting groups and decentralized management is a huge win for them, but they don't seem to realize that this is an important use-case.
Nextcloud is very close to what would be ideal for a lot of smaller organisations, but they somehow are unable to polish what they have but decided to pile alpha-quality on alpha-quality code (and ignore the bug reports)...
That beeing said, it mostly works but your users won't be happy.