The topic of self-hosted cloud software comes up often but I haven’t seen anyone mention owncloud infinite scale (the rewrite in Go).
I started my cloud experience with owncloud years ago. Then there was a schism and almost all the active devs left for the nextcloud fork.
I used nextcloud from it’s inception until last year but like many others it always felt brittle (easy to break something) and half baked (features always seemed to be at 75% of what you want).
As a result I decided to go with Seafile and stick to the Unix philosophy. Get an app that does one thing very well rather than a mega app that tries to do everything.
Seafile does this very well. Super fast, works with single sign on etc. No bloat etc.
Then just the other day I discovered that owncloud has a full rewrite. No php, no Apache etc. Check the github, multiple active devs with lots of activity over the last year etc. The project seems stronger than ever and aims to fix the primary issues of nextcloud/owncloud PHP. Also designed for cloud deployment so works well with docker, should be easy to configure via docker variables instead of config files mapped into the container etc.
Anyways, the point of this thread is:
- If you never heard of it like me then check it out
- If you have used it please post your experiences compared to NextCloud, Seafile etc.
I personally will never use nextcloud, it is nice interface side but while I was researching the product I came across concerns with the security of the product. Those concerns have since then been fixed but the way they resolved the issue has made me lose all respect for them as a secure Cloud solution.
Basically when they first introduced encrypting folders, there was a bug in the encryption program, and the only thing that ever would be encrypted was The Parent Directory but any subfolder in that directory would proceed to not be encrypted. The issue with that is that unless you had server-side access to view the files you had no way of knowing that your files weren’t actually being encrypted.
All this is fine it’s a beta feature right? Except for when I read the GitHub issue on the report, they gaslit the reporter who reported the issue saying that despite the fact that it is advertised as feature on their stable branch, the feature was actually in beta status so therefore should not be used in a production environment, and then on top of , the feature was never removed from their features list, and proceeded to take another 3 months before anyone even started working on the issue report.
This might not seem like a big deal to a lot of people, but as someone who is paranoid over security features, the projects inaction over something as critical as that while trying to advertise themselves as being a business grade solution made me flee hardcore
That being said I fully agree with you out of the different Cloud platforms that I’ve had, nextCloud does seem to be the most refined and even has the ability to emulate an office suite which is really nice, I just can’t trust them, I just ended up using syncthing and took the hit on the feature set
Ugh. I know that feeling. That’s why I’ve blacklisted salt stack.
https://news.ycombinator.com/item?id=5993959
There’s a particularly toxic combination of ignorance, laziness, NIH and hubris that you need to make a mistake like that, and I want it nowhere near my servers.
If you own the hardware it isn’t a issue
Saying files are encrypted when it is not true is an issue, regardless of who owns the host box. Even for a small instance that is private family or friends.
Someone could simply modify Nextcloud to lie about encryption. If you don’t control the server there is no way to know.
Yes, it is. If people are relying on files to be encrypted they may dispose of their disks differently. Or the NAS might be stolen.
Or an threat actor might just turn it off
It all depends on your threat model, I own my Hardware as well but I’m still not going to use a software that is shown to me that they don’t take security seriously but I’m also more paranoid than most