ownCloud Planet en-us http://owncloud.org/planet/rss-feed The ownCloud blog planet with posts from all ownCloud contributors Wed, 23 Apr 2014 16:39:41 +0000 Wed, 23 Apr 2014 16:39:41 +0000 Fighting Cargo Cult – The Incomplete SSL/TLS Bookmark Collection https://daniel.molkentin.net/2014/04/21/fighting-cargo-cult-the-incomplete-ssltls-bookmark-collection/ https://daniel.molkentin.net/2014/04/21/fighting-cargo-cult-the-incomplete-ssltls-bookmark-collection/ https://daniel.molkentin.net/2014/04/21/fighting-cargo-cult-the-incomplete-ssltls-bookmark-collection/ Mon, 21 Apr 2014 10:00:00 +0000 Engage Padlock!Throughout the recent months (and particularly: weeks), people have asked me how to properly secure their SSL/TLS communication, particularly on web servers.

At the same time I’ve started to look for good literature on SSL/TLS. I noticed that many of the “guides” on how to do a good SSL/TLS setup are actually cargo cult. Cargo cult is a really dangerous thing for two reasons: First of all, security is never a one-size-fits-all solution. Your setup needs to work in your environment, taking into account possible limitation imposed by hardware or software in your infrastructure. And secondly, some of those guides are outdated, e.g. they do neglect the clear need for Perfect Forward Secrecy, or use now-insecure ciphers. At the worst case, they are simply wrong.

So I won’t be providing yet another soon-outdated tutorial that leaves you non-the-wiser. Instead, I’ll share my collection of free and for-pay documents, books and resources on the topic which I found particularly useful in the hope that they may help you in gaining some insight.

Introduction to SSL/TLS

If you’re unfamiliar with SSL/TLS, you definitely should take half an hour to read the Crypto primer, and bookmark SSL/TLS Strong Encryption: An Introduction for reference.

Deploying SSL/TLS

So you want to get your hands dirty? Check your server setup with Qualys SSL Labs’ server test. Make sure you fix the most important issues. You should at least be able to get an “A-” grading. If you find yourself in trouble (and are the administrator of an Apache or nginx setup), you should read the OpenSSL cookbook. Professional system administrators should have Bulletproof SSL/TLS and PKI on the shelf/eBook reader.1)

  • Qualys SSL Labs is a web site that can analyze the quality of a given SSL/TLS setup (HTTP only) using a nice rating scheme 2) and providing hints on how to easily improve your setup.
  • Bulletproof SSL/TLS and PKI – Subtitled The Complete Guide to Securely Using SSL/TLS and PKI in Infrastructure Deployment and Web Application Development, this book is still work in progress (and is constantly updated, also according to readers feedback). Its author, Ivan Ristić, is also the guy behind ssllabs.com. While not finished, a preview eBook is available for £19 (roughly €23 or $32). Purchasers will receive the full eBook once finished. You can also pre-order a hard copy
  • OpenSSL Cookbook  – Extended excerpt from Bulletproof SSL/TLS and PKI. Suitable to secure your web server. Free download (requires registration).
  • Up-to-date cipher suite recommendation from Mozilla with detailed explanation on why it was chosen. (Thanks to Tom Brossman).
  • Efficiently picking PFS-compatible cipher suites for IIS (using PowerShell).

The SSL, the TLS and the Ugly

If you are a dedicated IT professional, you should not miss the next section. Although it’s not crucial for those wishing to “simply secure their server”, it provides those who are responsible for data security with a clear understanding of the numerous theoretical and practical limitations of SSL/TLS.

Tools and Utilities for Debugging SSL/TLS

Sometimes you need to debug errors during the SSL handshake. While a bit primitive, OpenSSL’s s_client tool is the weapon of choice. When it comes to monitoring SSL/TLS encrypted communications, use mitmproxy or Charles. They need to be added as proxies, but can also intercept PFS connections, due to their active MITM position.

This list is not exhaustive and if you have more suggestions, please go ahead and post them in the comments. I’ll be happy to add them.

Finally, just like with system administration in general, you’re never “done” with security. SSL/TLS is a swiftly moving target, and you need to be aware of what is going on. If you are an IT professional, subscribe to security mailing lists and the announcement lists of your vendor. Finally, while I’m aiming to update this page, there’s never a guarantee of up-to-dateness for this list either.

Update (22.04.2014): Don’t miss the discussion on this article over at Hacker News.

Article History

  • 21.04.2014 – Initial version
  • 21.04.2014 - Added “The Case for OCSP-Must-Staple”, Mozilla Cipher suite recommendation
  • 22.04.2014 – Updated to add sslyze and cipherscan, added HN link, fixed typos

1) I do realize that I am courting Ivan a lot in this section and that relying on only an a single external web service that can go away any day is not a good thing. At the same time I think that the handshake simulation and the simple rating process are priceless, as such assessment cannot be trivially done by people whom’s life does not revolve around crypto and security 24/7. At the same time, I’m happy for any pointers towards other, user friendly tools.

2) While blindly following the rating can easily lead to the establishment of cargo cult, ssllabs.com is continuously updated to only give those a good grading that follow the best pactices. Again: Avoid Cargo Cult, make sure you have a good idea of what you are doing.

Why does YouTube insist on weak RC4? http://www.arthur-schiwon.de/why-does-youtube-insist-weak-rc4 http://www.arthur-schiwon.de/why-does-youtube-insist-weak-rc4 http://www.arthur-schiwon.de/why-does-youtube-insist-weak-rc4 Mon, 14 Apr 2014 06:07:00 +0000
YouTube delivers video with RC4 only

A few weeks ago, Google did some changes to YouTube. Now, when you attempt to watch a video on YouTube, the video will be streamed using the RC4 cipher. If you disable RC4 in your browser, no video will be loaded. You cannot watch it. It is also documented in a Google groups thread. The first time I heard about it was when Faldrian shared his experience with googlevideo.com (German), while YouTube still worked without RC4. A bit later Google extented it on YouTube.

What's bad about RC4

RC4 is a widely used stream cipher. For instance it is used to safely transport Video or Audio by symmetric encryption. The advantages of RC4 are that is simple and fast. But it also has its drawbacks.

It is said the the RC4 cipher is cryptographically broken (=insecure) for years. Jacob Appelbaum states the NSA can break it in real time. If this is true, it is as good as no encryption. Although no proof exists in public, it seems to be very likely. If you want to be on the safe side, you disable RC4 in your browser. But you cannot disable it for certain web sites only (or only whitelist sites) – it affects all sites.

Even Microsoft recommends to stay away from RC4.

There may be good reasons for Google doing so, after all they usually reason things out before taking actions. It might have been that Google did not send their videos over an encrypted HTTP connection before (pure speculation), but now they do. Well meant is not necessarily well done. If it drives people to keep using RC4, worse security is the result. My guess is they switched all traffic to TLS encrypted connections, after certain Snowden leaks, and RC4 was the fastest and easiest to implement for video streaming.

An interesting side note is that Google filed a draft for an alternative stream cipher for TLS. The candidate is ChaCha20 by Bernstein. So maybe RC4 is just a temporary move?

So what?

I keep RC4 disabled, YouTube is not that important to me. Except for YouTube, I believe I came across only one other site that relied solely on RC4, and it was far less important, even I do not remember which one it was.

Only I wish that more people or blogs would move away from YouTube. The other major reason for this is also to go away from (centralized) services provided by companies that are too big to be good.

Bookmarklet: Search for video on other sites

Since people will not stop to link to YouTube in the near future, I need to find the video on other sites if I want to watch them. I wrote a little bookmarklet (What is a bookmarklet?) that I can click when I end up on a YouTube video. It will take the video title and start a Google video search excluding youtube.com.

Now, not every video will be available somewhere else. Bad luck. On the other hand, many videos on YouTube that are blocked in Germany can be freely seen on other sites. Interested in the bookmarklet? Drag the following "link" into your bookmarks list. Below is a quick video howto if you are new to bookmarklets and also the source code.

Find this video!
    var title=document.getElementById('eow-title').getAttribute('title');
    var noyt='%20-site:youtube.com';
    var se='http://www.google.com/search?&tbm=vid&q=';

Why actually a Google search? – Mainly for ironic reasons. Most likely you can use any search engine that offers a video search if you adjust the URL and parameters. My search engine of choice is startpage.com, by the way, and I do block Google cookies.

ownCloud Client 1.6: The Tour https://daniel.molkentin.net/2014/04/09/owncloud-client-1-6-the-tour/ https://daniel.molkentin.net/2014/04/09/owncloud-client-1-6-the-tour/ https://daniel.molkentin.net/2014/04/09/owncloud-client-1-6-the-tour/ Wed, 09 Apr 2014 09:55:00 +0000 Now that ownCloud 1.6.0 beta1 is out, it’s time to explain the story behind it:

owncloud-icon-256This release was developed under the promise that it would improve performance 1), and we have made tremendous improvements: Using a new Qt-based propagator implementation, we can now perform multiple simultaneous up- and downloads. We still provide the old propagator for certain situation where it’s more suitable, such as for situations where bandwidth limitation is needed.

Furthermore, the sync journal access code has been significantly optimized. It paid tribute to most of the high CPU load during the mandatory interval checks. CPU usage should be much lower now, and the client should be usable with more files at the same time.

Windows users should also find update times improved as the time spent in file stat operations has been reduced. Mac OS X users will enjoy the benefits of a much improved file watcher. To be able to use the more efficient API, 1.6 drops support for Mac OS Snow Leopard (10.6) and now requires Mac OS 10.7 or better.

At the same time, production releases are now using Qt 5 rather than Qt 4 on Windows and Mac OS X2). This fixes a lot of visual bugs in Mac OS X, especially for Mavericks users, and allows us to profit from improvements in the SSL handling, especially on the Mac.

We also implemented an item that was on many peoples wish list: a concise sync log. Next to the database, the sync folder now holds a hidden file called .owncloudsync.log. It will store all sync processes in a minimal CSV file. Contrary to previous logging facilities, it always logs and only collects information relevant to the actual sync algorithm decisions.

Because this tour was not as colorful as the previous one, let’s close this blog post with a feature contributed by Denis Dzyubenko: The settings dialog on Mac OS X now has a native look & feel:

Watch on Youtube

Get ownCloud Client 1.6.0 beta1 now and provide feedback!

1) Now that while the client is multi-threaded, you may find that the transfer time still doesn’t improve as much as you would expect. This is due locking issues on the server which prevent efficient parallel transfers. This has been improved in 1.7, and could potentilly improved even further by implementing support for X-Sendfile/X-Accel-Redirect in SabreDAV, the DAV framework used by ownCloud server.

2) We can’t do the switch even on modern Linux distributions mostly due of the poor support for modern and divergent Systray/Notification area support in Qt5: Even in Qt 4 we could only use it because Canonical had patched their Qt to make QSystemTrayIcon work with Unity, which they have not ported to Qt 5 yet. Gnome 3 also hides away traditional Systray icons way to well, not to speak of Plasma. Any leads would be helpful.

PS: Martin’s blog on the subject indicates that Qt 5.3 might solve the problem.

Hi ownCloud! http://blog.jospoortvliet.com/2014/03/dear-owncloud-community-as-you-might.html http://blog.jospoortvliet.com/2014/03/dear-owncloud-community-as-you-might.html http://blog.jospoortvliet.com/2014/03/dear-owncloud-community-as-you-might.html Mon, 31 Mar 2014 13:21:00 +0000 Dear ownCloud community!
As you might have read on the ownCloud Inc. blog by Frank, I'll be joining ownCloud Inc. as community manager tomorrow. Like in my previous gig at SUSE, I consider the 'manager' part of the title to be about helping out the community wherever I can. To put it less graphically than Frank did: you get another person to talk to when you think we can improve things.

I'm excited to get started and find out what should be done. Of course I have thoughts and ideas on that but I am not the type to have a strong opinion before I know what is going on and have heard a bunch of opinions about it. And although I've been around ownCloud a fair bit, having written and talked about it, used it and knowing many of you, I intend to take my time to get to know you all better. Of course, marketing is my thing, so I'm sure to be around in that area, helping spread the word on what ownCloud is doing and why it matters.

Opinions, ideas and introductions are very welcome! I'm around on most social media but most actively on G+ and of course you can email me, ping me IRC and so on.

I really look forward to getting my head in the clouds with you all!
ownCloud @ Chemnitzer Linuxtage 2014 http://dragotin.wordpress.com/2014/03/19/owncloud-chemnitzer-linuxtage-2014/ http://dragotin.wordpress.com/2014/03/19/owncloud-chemnitzer-linuxtage-2014/ http://dragotin.wordpress.com/2014/03/19/owncloud-chemnitzer-linuxtage-2014/ Wed, 19 Mar 2014 08:45:00 +0000 Last weekend Daniel, Arthur, Morris and me were in Chemnitz where the Chemnitzer Linuxtage 2014 took place. We drove a booth during the two days, the CLT host around 60 boothes of companies and FOSS projects. I like to go to the CLT because it is perfectly organized with great enthusiasm of everybody involved from the organisation team. Food, schedules, the venue, everything is perfect.

Even on saturday morning, short after opening of the event, somebody from the orga team was showing up on the booth with chocolate for the volunteers, saying hello and asking if everything is in place for a successful weekend. A small detail, which shows how much effort is put into organization of the event.

As a result, visitors come to visit the event. It’s mostly a community centric event: Exhibitors are mostly representing FOSS projects such as openstreetmap.org, distributions like Fedora or openSUSE or companies from the free software market.

Morris in action on the booth

Morris in action on the booth

The majority of visitors are mostly interested in private use of the software. But, no rule without exception, we also had a remarkable number of people from companies, either executives or people working in the IT departments, who were interested in ownCloud.

Speaking about ownCloud, I want to say that it’s amazing to represent our project. People know it, people like it, people use it. In private, but also in professional space people work with ownCloud already or are planing to start with ownCloud. ownCloud already is the accepted solution for the problems that became so practical with the NSA scandal last year.

My talk with title A private Cloud with ownCloud on Saturday morning was very well received and went smooth. The room was too small, lots of people had to stand or sit on the stairs. It was a very positive atmosphere.

Something that changed compared to last year and the year before: Most discussions were around how ownCloud can be installed, integrated and used and not any more about which features are still missing or maybe also bugs.

So it were two very exhausting days, but big fun! Thanks to Daniel, Arthur and Morris for the work and fun we had on the booth, and thanks to the CLT team for CLT.

SO_oC — Summer Of ownCloud! http://algorithmsforthekitchen.com/blog/?p=609 http://algorithmsforthekitchen.com/blog/?p=609 http://algorithmsforthekitchen.com/blog/?p=609 Sun, 09 Mar 2014 15:23:00 +0000 This is a heads up that ownCloud is participating in two internship programs this summer!

Google Summer of Code 2014 (GSoC)


Thanks to openSUSE for hosting us again!

Check out the openSUSE GSoC portal and the ownCloud GSoC portal for more information

Student application starts tomorrow. It’s important that you come up with a draft of your proposal as soon as possible, so that you can get feedback from your mentor.

Outreach Program for Women (OPW)


Thanks to the OPW organizers for accepting our application ;-)

Check out the ownCloud OPW portal for more information.

Remember that you have time until March 19 to get in touch with us and make a small contribution.


Here is the list of Projects Ideas we propose. Check out this list and contact the mentors of the projects you are interested in. Notice two things:

  • in order to participate in OPW, you don’t need to be a student;
  • GSoC projects are restricted to coding. If you are applying for GSoC, look only for projects in that category;
  • both the programs have hard deadlines, mind the dates!

If you have any question, don’t hesitate to swing by our IRC channel! (#owncloud on Freenode — I am ‘cosenal’)

Here it’s still -11°C, as I write, but I’ll say it anyway, as an omen: Happy Summer Of ownCloud!

Free ownCloud mobile libraries released http://blog.karlitschek.de/2014/02/free-owncloud-mobile-libraries-released.html http://blog.karlitschek.de/2014/02/free-owncloud-mobile-libraries-released.html http://blog.karlitschek.de/2014/02/free-owncloud-mobile-libraries-released.html Thu, 20 Feb 2014 12:20:00 +0000 Today we are happy to announce the release of the ownCloud mobile libraries for iOS and Android. ownCloud is a free file sync and share solution. The main differentiator to Dropbox, Google Drive, and others beside being free software is that you can run it yourself wherever you want. Obviously a central place to you store your files is only useful if you can access it from all devices and integrate it with all of the applications that you use.

Because of that, the ownCloud strategy is to provide as many ways as possible to access files and data stored in ownCloud. We have a strong commitment to support open protocols and formats like WebDAV, CalDAV, CardDAV, OCS, ODF and others. So you can mount your ownCloud via WebDAV easily with KDE, GNOME, Windows, Mac and so on. It's easy to integrate ownCloud with other systems by transferring files via WebDAV. This is the power of open protocols. But ownCloud provides much more than that. There are mobile applications for iOS and Android and Desktop syncing
clients that you can use to work with you files. The Desktop syncing clients runs on Mac, Windows and Linux and also ship with a command line client that can be used to automatically sync folders between desktops and the server or script it in any way. There is also a C++ library that can be used by 3rdparty clients like the KDE Plasma one. So there are a lot of options to access your ownCloud from the desktop.

On the phone and tablet side it was, until now, a bit more difficult. A user could use the official ownCloud apps, but if a 3rd party app wanted to access an ownCloud server, then the 3rd party app had to implement all of the WebDAV and REST calls needed to talk to ownCloud. 

This is why today we released free libraries for iOS and Android that can be used used by mobile developers to add ownCloud support to their apps. They provide easy to use methods to read and write files, share files and many more useful operations. To make these libraries as useful as possible to as many developers as possible, we have released them under the MIT license. 

The libraries can be download here 

The documentation how to use them can be found here:

For any developer related questions please post to the new ownCloud developer list http://mailman.owncloud.org/mailman/listinfo/devel

I Love Free Software Day 2014 http://www.arthur-schiwon.de/i-love-free-software-day-2014 http://www.arthur-schiwon.de/i-love-free-software-day-2014 http://www.arthur-schiwon.de/i-love-free-software-day-2014 Fri, 14 Feb 2014 08:54:00 +0000

I would like to take the opportunity of this special day to express how much the influence of Free Software to my life is.

Back in 2005 I started to use Linux and because I had no clue I looked for support in the German-language Kubuntu community. This is how I jumped into and got an idea about Free Software. Kubuntu and the people were fun, after some time I was able to give support and not only take it. I helped out with other things, started to attend conferences (usually also in combination with a Kubuntu community booth). I met amazing people who became really really good friends.

An outstanding position does have the LinuxTag in Berlin, because there I made my most important contacts. It was the first time, I met my friends from the German-language Kubuntu community in person. It was the place, where I first met Frank, founder of ownCloud. The later founded company behind the ownCloud project now gives me the chance to make a living with free software. I cannot deny it was a dream.

Most important however was that at the same conference I met my beloved wife. Yes, personally the I Love FS day has more in common with the Valentine's day than you might guess.

Needless to say that LinuxTag was also the first conference, my son attended – at the age of 9 months ;)

Happy I Love FS day!

Blog Refurbished http://www.arthur-schiwon.de/blog-refurbished http://www.arthur-schiwon.de/blog-refurbished http://www.arthur-schiwon.de/blog-refurbished Thu, 13 Feb 2014 20:52:00 +0000

Finally, finally, I found the time (spread over several months) to refurbish my blog. Not that it took so long, but spare time is rare these days.

I decided to stick with Drupal and created a fresh and clean installation of 7 to replace the old Drupal 6. Now Drupal is somewhat overkill for a simple blog, but I the alternatives did not convince me for various reasons.

Now I do not want to dive into why or why not this and that, but point out some remarkabilities with regard to Drupal. Setting up Drupal is straightforward of course, and everything works fine and smooth, but the real work comes with adjusting it to become what you want. Its flexibility allows to realize anything, on the other hand it is also a reason why some things are laborious to accomplish.

Layout and Modules

I chose Bamboo as base theme and sub-themed it. The blog looks now less stale, long code parts are presented properly and it has a mode for mobile devices. It required to dive in into Drupal theming a bit, but not too much. The documentation provided with Bamboo was already very helpful. The big plus of a sub-themed theme is that you easily can update the main theme without patching around endlessly. Theoretically it still can break your layout, if major changes would be applied. In the end, this task was pleasant to complete.

Afterwards it was about selecting modules and do the configuration. Mostly it was searching, installing, configuring, done. Just three things i want to point out here:

  1. There's no easy solution for a guest preview as offered by Wordpress. You can achieve this by doing something complicated (it did not follow this) or using the view_unpublished module. It does not offer the same convenience, but is good enough.
  2. Also finally standard elements like captions and buttons are localized into most common languages, e.g. English, Spanish, Chinese, Russian, Arab and German. Drupal does not ship translations by default.
  3. Avoiding blog spam. On the old version I used reCaptcha. I believe the only type of commentators it kept away were authentic people, instead I had the doubtful pleasure to moderate tons of SEO spam. Now I use a honeypot approach and so far (in testing) it works incredibly good and does not get in the way of real people. I an very fond of this.

Upgrade and Maintenance

I wished I could get the latest Drupal from the repositories, either original Ubuntu ones or a PPA. Web software evolves fast, releases fast and often closes security issues. Unfortunately, neither is provided (only older packages in the 12.04 repositories).

So I need to keep Drupal up to date by hand. Who has ever read the update instructions knows, that you don't want to do it by hand. A lot of stuff to do. Perfect condition for the lazy CS guy and a good opportunity to refresh my shell scripting. I could automate a lot of the ugly and boring stuff. What is left is for me is to kick off the script, and get in and out of the maintenance mode. Even this can be achieved without human interaction, so far i prefer to keep the control. In the end, I need to ensure everything works as expected anyway.


The fun part. First, why did I not upgrade from Drupal 6 to 7, but made everything from scratch? Because I did some decision with the old configuration that were not so useful. Then, there were some modules that were discontinued or replaced with a lacking upgrade path. And somewhere in my head was stuck, that an upgrade was problematic or not recommended, though this is probably of goof of my own memory. Well, in the end almost everything was ready and was just waiting for the content.

To migrate the content, i.e. blog posts, static pages, comments, tags, from Drupal 6 to 7 was easy in the end, once you found the way and fixed what was missing.

There is a module that provides exactly this transfer from an old Drupal 6 installation to a new Drupal 7 one, providing a GUI. I really did not want to write an upgrade script, because I would have needed to get into those details again, while all the content types were standard ones. So, GUI was a plus. At that time there was no stable release including the GUI, though, so I took the development version. Took it, run it, was delighted.

Only a little bit later I found out, that the tags were not assigned and node and term IDs (tags) were shuffled.

Reassigning the tags worked with some SQL select and insert.

INSERT INTO field_data_field_tags (entity_type, bundle, deleted, entity_id, revision_id, language, delta, field_tags_tid) 
SELECT 'node' AS 'entity_type', 'blog' AS 'bundle', 0 AS 'deleted', node.nid AS 'entity_id', node.nid AS 'revision_id', 'und' AS 'language', (@jDelta := @jDelta +1) AS 'delta', taxonomy_term_data.tid AS 'field_tags_tid' 
FROM taxonomy_term_data, node, oldDatabase.term_data, oldDatabase.node, oldDatabase.term_node, (SELECT @jDelta := 0) AS jDelta 
WHERE oldDatabase.term_node.nid = oldDatabase.node.nid AND oldDatabase.term_node.tid = oldDatabase.term_data.tid AND taxonomy_term_data.name = oldDatabase.term_data.name AND node.title = oldDatabase.node.title ORDER BY entity_id;

So, the Node IDs and Term IDs were left. This is a problem, because they are contained in the URLs. From a SEO point of view, keeping them different will confuse search engines. Likely that they get it right after a while, but as a former SEO consultant you want to do it the right way. Changing them back would work, but the IDs are used everywhere and there is a lot of tables. Before I decided for the migrate module I considered migrating the content just by copying it from the old to the new database, but things changed are without getting really down into it, many new tables and columns remained unclear.

The lazy approach was to to redirect the old node IDs to the new ones.

SELECT CONCAT('redirect 301 /node/', oldDatabase.node.nid, ' http://www.arthur-schiwon.de/', alias)  
FROM node, url_alias, oldDatabase.node 
WHERE node.title = oldDatabase.node.title AND source = CONCAT('node/', node.nid);

It redirects the old URLs containing the old node IDs to the clean URLs. For some reasons, something happened canonical tag in Drupal 6 so that the old clean URLs where not used, but the ugly ones. I do not want to have them in the search engines. Now, this is fixed as well. The result contained duplicate lines, somehow, but they could be easily dropped or the correct alias chosen. In few cases, I needed to update the alias, commas led to some problems. I pasted the result at the beginning of the .htaccess file. The same needed to be done for the term IDs.

It is not the best approach, but given the limited time I could and wanted to spent this is OK. In the end, it's a private blog for fun and fame, but not for profit.

It is essential to try whether all important old URLs will still be reachable to avoid broken links. Broken links are bad for visitors as well as search engines. I used linkchecker, available in Ubuntu repositories, to collect all the URLs from my old site.

linkchecker -Fcsv/urlstate.csv --stdin -t1 -r0

A lot of stuff is gathered I took the whole path pointing to my domain, replaced the domain to my test domain, saved it in a text file and ran curl against them, I wrote a small script for this.

for url in `cat urls-new-ws`; do
  status=`curl -I $url | grep "HTTP/1.1"`
  echo "$url,$status" >> $OUTPUTFILE

In the resulting CSV file I had the URL and the status, good enough for me. In LibreOffice, I auto-filtered it and sorted out the faulty or suspicious URLs, i.e. those throwing 4xx errors. If things needed to be fixed, I fixed them and rerun the script again until I was satisfied.


I wondered whether I should switch away from Drupal but decided to stay with it. The migration should be performed as good as possible while spending as little time as possible. In the end, it took quite some time to investigate and find the right strategy. Maybe it would have been faster with a direct upgrade. Probably it is easier and more straight forward to use a software that is dedicated to run blogs. This question will reappear when the next iteration of the blog is going to be done in some years. And I cannot promise to stay with Drupal, since I really only use a little bit of the whole feature set. But I am not a fan of neither Wordpress nor Ghost, so let us see which options will be out in the wild then.

With the result I am satisfied, though there are a few smaller edges that can be taken care of later. It really is a huge relief to deliver "Comment" buttons and likes in common languages instead of just only German and be able to properly read it on mobile devices.

Now I only need to find time to blog more often ;)

Erstes ownCloud User Meeting in München https://blog.portknox.net/2014/01/erstes-owncloud-user-meeting-in-munchen/ https://blog.portknox.net/2014/01/erstes-owncloud-user-meeting-in-munchen/ https://blog.portknox.net/2014/01/erstes-owncloud-user-meeting-in-munchen/ Thu, 23 Jan 2014 17:41:00 +0000 ownCloud_beerDas erste ownCloud User Treffen in München: Am Mittwoch, 29.1.2014 treffen wir uns um 19 Uhr im Gasthaus “Goldener Hirsch” (Renatastraße 35, 80634 München) zum gemütlichen Austausch zu allen ownCloud-Themen. Wir haben den großen Tisch ganz rechts reserviert, haltet Ausschau nach ownCloud T-Shirts! :)

Das ownCloud User Meeting findet bei Interesse künftig monatlich statt und zwar jeden letzten Mittwoch im Monat. Bei jedem Meeting soll es ein Haupt-Thema geben, diese Themen wurden schon vorgeschlagen:

Falls du selber etwas vortragen oder zeigen willst, sprich uns einfach an!

Die Termine und Locations werden wir über Techism bekannt geben, über diesen Link kann man auf dem Laufenden bleiben.

Wir freuen uns auf das erste Treffen!

Using OpenStack Swift as ownCloud Storage Backend http://blog.adityapatawari.com/2014/01/using-openstack-swift-as-owncloud.html http://blog.adityapatawari.com/2014/01/using-openstack-swift-as-owncloud.html http://blog.adityapatawari.com/2014/01/using-openstack-swift-as-owncloud.html Mon, 20 Jan 2014 16:00:00 +0000
ownCloud helps us to access our files from anywhere in the world, without take the control of data from us. Traditionally server's local hard disks have been used to act as storage backend but these days, as the latency of networks is decreasing, storing data over network is becoming cheaper and safer (in terms of recovery). ownCloud is capable of using SFTP, WebDAV, SMB, OpenStack Swift and several other storage mechanisms. We'll see the usage of OpenStack Swift with ownCloud in this tutorial

At this point, the assumption is that we already have admin access to an ownCloud instance and we have set up OpenStack Swift somewhere. If not, to setup OpenStack Swift, follow this tutorial.

Step 1: External storage facilities are provided by an app known as "External storage support", written by Robin Appelman and Michael Gapczynski, which ships with ownCloud and is available on the apps dashboard. It is disabled by default, we need to enable it.

Step 2: We need to go to Admin page of the ownCloud installation and locate "External Storage" configuration area. We'll select "OpenStack Swift" from the drop down menu.

Step 3: We need to fill in the details and credentials. We'll need the following information:
  • Folder Name: A user friendly name for the storage mount point.
  • user: Username of the Swift user (required)
  • bucket : Bucket can be any random string (required). It is a container where all the files will be kept.
  • region: Region (optional for OpenStack Object Storage).
  • key: API Key (required for Rackspace Cloud Files). This is not required for OpenStack Swift. Leave it empty.
  • tenant: Tenant name (required for OpenStack Object Storage). Tenant name would be the same tenant of which the Swift user is a part of. It is created using OpenStack Keystone.
  • password: Password of the Swift user (required for OpenStack Object Storage)
  • service_name: Service Name (required for OpenStack Object Storage). This is the same name which was used while creating the Swift service
  • url: URL of identity endpoint (required for OpenStack Object Storage). It is the Keystone endpoint against which authorization will be done.
  • timeout: Timeout of HTTP requests in seconds (optional)

Just to get a better hold on things, check out the image of an empty configuration form and here is a filled up one.

Notice that if ownCloud is successfully able to connect and authorize then a green circle appear on the left side of the configuration. In case things don't work out as expected then check out the owncloud.log in the data directory of ownCloud instance.

That is it. Now ownCloud is now ready to use OpenStack Swift to store data.]]>
Installing ownCloud on Raspberry Pi http://blog.adityapatawari.com/2013/08/installing-owncloud-on-raspberrypi.html http://blog.adityapatawari.com/2013/08/installing-owncloud-on-raspberrypi.html http://blog.adityapatawari.com/2013/08/installing-owncloud-on-raspberrypi.html Sat, 11 Jan 2014 23:33:00 +0000

Presenting a ready-to-install image of ownCloud for Raspberry Pi 

A small introduction to ownCloud
ownCloud is an application which enables users to share their data without giving control to any third party posing as a facilitator. While sharing the data without loosing control is the main objective, ownCloud is much more than that. It can also rapidly sync the data, contacts, calendar events etc from several devices. It can work with several custom backends and it is highly flexible.

Many of us have a Raspberry Pi with us and we love playing with it. In past I have written posts on how to install Arch Linux on it and how to install OpenELEC to convert the Raspberry Pi into a Media Centre. This time I plan to go a little further. This time I have made a custom image which comes preinstalled with ownCloud and some tweaks to improve the ownCloud experience with Raspberry Pi. This image is based on Raspbian Wheezy.

Just follow the steps below and you'll be good to go in no time:
  1. Download the archived image from in either zip format (usually for Windows) or gunzip format (usually for Linux and Unix like platforms)
    Since I am running on Linux, I would download gunzip format.
  2. Extract it and put it on a SD card using dd or any other tool or command. Check out this article on elinux if you need any help for this. Although 2 GB SD card would be fine but I would recommend using 4 GB or more.
    I would run the following commands:
    $ gunzip owncloud-raspberrypi-0.1.img.gz # to extract the gz archive
    $ sudo dd bs=1M if=owncloud-raspberrypi-0.1.img of=/dev/mmcblk0 # to write to the SD card. /dev/mmcblk0 can be obtained by the output of df command.
  3. Put this SD card in your Raspberry Pi and boot. The default credentials are:
    user: pi
    password: owncloud
  4. Run raspi-config and follow the directions to expand the filesystem to enjoy maximum disk space. Reboot, if required.
  5. Run ifconfig to get the ip address of the Raspberry Pi.

That is it. Just open http://<ip_address>/owncloud and create the admin user and explore ownCloud on Raspberry Pi.

This image PHP execution time increased to 60 seconds and the upload limit has been bumped up to 500M. The Apache is set to allow .htaccess for the protection of data directory. Also SSH has been enabled by default.

The official page for the image can be found at ownCloud on Raspberry Pi. A Hacker News discussion is also going on here.

If you like this image and you are interested in knowing more about ownCloud, then please consider buying my book, Getting Started with ownCloud. It is available from Amazon.com, Amazon.co.uk, Barnes & Nobles and on Kindle.]]>
Creating fluid, powerful Kexi forms http://www.piggz.co.uk/?q=blog/2014/01/08/creating-fluid-powerful-kexi-forms http://www.piggz.co.uk/?q=blog/2014/01/08/creating-fluid-powerful-kexi-forms http://www.piggz.co.uk/?q=blog/2014/01/08/creating-fluid-powerful-kexi-forms Wed, 08 Jan 2014 22:31:00 +0000

Kexi reports have for a long time supported a powerful scripting interface. Forms however, while supporting a wide range of data-enabled widgets, only have support for simple macros.

Forms and reports are both plugins in Kexi. Kexi plugins are based around views....a plugin exposes a Design View and a Data View (in the normal case). Reports and Form design views are based on quite extensive wysiwyg designers which create XML representations used by the Data view to display the data in the object.

Initial build of Sailfish ownCloud newsreader .... newsFish http://www.piggz.co.uk/?q=blog/2014/01/04/initial-build-sailfish-owncloud-newsreader-newsfish http://www.piggz.co.uk/?q=blog/2014/01/04/initial-build-sailfish-owncloud-newsreader-newsfish http://www.piggz.co.uk/?q=blog/2014/01/04/initial-build-sailfish-owncloud-newsreader-newsfish Sat, 04 Jan 2014 00:32:00 +0000

This is an initial release of my ownCloud news reader for Sailfish.

I mean _initial_ as in 'this is literally the first build that runs and shows something half sane'


  • Log into ownCloud instance
  • List of feeds
  • List of articles in a feed
  • Article view
  • Open article in browser
  • Open article in instapaper
  • Sync from Cover screen

After entering your credentials and clicking Continue, you will be presented with a blank Feeds page.  You have to sync, which is available from the Pulley menu.

On Practical Qt Security https://daniel.molkentin.net/2014/01/04/on-practical-qt-security/ https://daniel.molkentin.net/2014/01/04/on-practical-qt-security/ https://daniel.molkentin.net/2014/01/04/on-practical-qt-security/ Fri, 03 Jan 2014 23:43:00 +0000 At 30C3, Ilja van Sprundel gave a talk on X Security. In this talk, he also discussed Qt security matters, specifically how running a setuid binary which links against Qt is unsafe due to exploitable bugs in the Qt code base (citing the infamous setuid practice in KPPP). While his points are valid, he misses the greater picture: Qt was not designed for use in setuid applications! Consequently there are a lot of ways the security of a Qt application can be compromised when it runs as root. So I went on to discuss this issue with QtNetwork maintainer Richard Moore, and we both agree that in contrary to Iljas claim, we do need to dictate policy. So here it goes:

Do not ship Qt applications that require setuid. While the same is probably true for any other toolkit, we have only discussed this for Qt in more depth. Actually, Rich has prepared a patch for Qt 5.3 that will quit if you try to run an application setuid unless you ask it to. This should make it harder to shoot yourself into the foot.

While making QtCore and QtNetwork safe for setuid use is possible, they currently are not. If you absolutely have to (and you really shouldn’t), at least unset QT_PLUGIN_PATH and LD_LIBRARY_PATH in main(). The latter is required because even though LD_LIBRARY_PATH is ignored by the linker for setuid binaries, it is used internally by QtNetwork unconditionally to look for OpenSSL. Of course, you also need to follow all the other best practices (note that even this list is incomplete, e.g. it doesn’t mention to close FDs).

However, there are also situations where a Qt application running as user can be unsafe, so to those who ship their own Qt build to their customers, there are even more policies:

  • Never build Qt so its prefix is a publicly writable directory, such as /tmp: Suppose you build a in-source (developer) build in /tmp/qt, then Qt will go ahead and look for plugins in /tmp/qt/plugins. A malicious user could simply provide a fake style there that next to calling the style which the user would expect (e.g. via QProxyStyle) executes arbitrary malicious code. The same goes for Image IO plugins, which are handled in QtCore.
  • Never build Qt so its prefix is a home directory: This one is more tricky and a lot harder/unlikely to exploit, but it’s a valid attack vector nonetheless: Suppose Joe Coder compiles Qt in-source on /home/joe/dev/qt. Now every customer needs to make sure that a local user by the same name is a really nice person.

So in conclusion, a better summary of the above would be:

Never distribute binaries built with a prefix that is a non-system directory!

If you already have this setup, but need a hotfix, there is hope: libQtCore.so contains strings starting in qt_plugpath= and qt_libspath=. Both are padded to 1024 bytes. Adding a binary null after the first / keeps Qt from looking for loadable code in user accessible locations.

TL;DR: The bugs Ilja points out are valid, but only affect applications that don’t follow good practice. We will attempt to make it harder for developers to make these mistakes, but writing suid applications isn’t something that will ever be recommended, or easy to do safely. Apart from the suid issue however, there are more traps lingering if you provide your own Qt and build it in an unsafe way.

Further reading: Google+ discussion on the topic.
Acknowledgements: Richard Moore for contributing vital information to this document, Thiago Macieira for proof-reading.

Update: Clarified the wording to ensure it’s clear that a prefix is meant. Thanks, Ian.

Update 2: As Rich and David Faure pointed out, KPPP is dropping permissions before calling Qt code, and KApplication already has a setuid safeguard in place.

Update 3: Richs setuid check has been merged.

The ownCloud Public Link Creator http://blog.schiessle.org/2013/12/30/the-owncloud-public-link-creator/ http://blog.schiessle.org/2013/12/30/the-owncloud-public-link-creator/ http://blog.schiessle.org/2013/12/30/the-owncloud-public-link-creator/ Mon, 30 Dec 2013 09:28:00 +0000 ownCloud Share Link Creator - Context Menu

ownCloud Share Link Creator – Context Menu

Holiday season is the perfect time to work on some stuff on your personal ToDo list. ownCloud 6 introduced a public REST-style Share-API which allows you to call various share operations from external applications. Since I started working on the Share-API I thought about having a simple shell script on my file manager to automatically upload a file and generate a public link for it… Here it is!

I wrote a script which can be integrated in the Thunar file manager as a “custom action”. It is possible that the program also works with other file managers which provide similar possibilities, e.g Nautilus. But until now I tested and used it with Thunar only. If you try the script with a different file manager I would be happy to hear about your experience.

ownCloud Share Link Creator - File Upload

ownCloud Share Link Creator – File Upload

If you configure the “custom action” in Thunar, make sure to pass the paths of all selected files to the program using the “%F” parameter. The program expects the absolute path to the files. In the “Appearance and Conditions” tab you can activate all file types and directories. Once the custom action is configured you can execute the program from the right-click context menu. The program works for all file types and also for directories. Once the script gets executed it will first upload the files/directories to your ownCloud and afterwards it will generate a public link to access them. The link will be copied directly to your clipboard, additionally a dialog will inform you about the URL. If you uploaded a single file or directory than the file/directory will be created directly below your default target folder as defined in the shell script. If you selected multiple files, than the program will group them together in a directory named with the current timestamp.

This program does already almost everything I want. As already said, it can upload multiple files and even directories. One think I want to add in the future is the possibility to detect a ownCloud sync folder on the desktop. If the user selects a file in the sync folder than the script should skip the upload and create the share link directly.

Edit: In the meantime I got feedback that the script also works nicely with Dolphin, Nautilus and Nemo

Why I work on ownCloud http://www.butonic.de/2013/12/17/why-i-work-on-owncloud/ http://www.butonic.de/2013/12/17/why-i-work-on-owncloud/ http://www.butonic.de/2013/12/17/why-i-work-on-owncloud/ Tue, 17 Dec 2013 18:18:00 +0000 While it is nice that Heise and even Spiegel Online (not to mention great publications in the US as well) are writing positively about ownCloud, I have yet to see an article that captures my personal motivation for working on it. Most articles mention the NSA and how great it is to reclaim the control over your data.That certainly is true. But while ownCloud Inc. is concentrating on file synchronization and solving the Dropbox problem, I think the ownCloud community has set out to do a lot more.


Looking at the apps repository you can easily recognize one google app replacement after another: calendar, contacts, mail, mapsnews, music, pictures … even documents. Or the Android app. So much for the googleverse. All in all that is a solid foundation on which to get self-hosting again. My main motivation.


Replacing the googleverse is far from easy. And I certainly am aware of their search capabilities. I already started working on a lucene-based full text search of the users files and we will be redesigning ownCloud search for OC7. Maybe at some point in the future someone will start integrating yacy.

Microsoft started integrating their outlook.com accounts with their operating system and allows users to login with an online account. With Gnome and KDE the two big linux Desktop environments also have started integrating ownCloud. Not only as a contacts or calendar backend but also as a music source for Rythmbox / Amarok. That’s only the start…

The nice thing is that ownCloud faces so many challenges, so many opportunities to experiment with the next technology stack, over-hyped framework or whatnot that I’ll never run out of ideas to try out next. Another huge motivation for me: it keeps my mind busy.


All the related projects and technologies bring me to another motivation: choice. Should I get bored customizing ownCloud, I can always shift my focus to working on a specific app. That already happened and I meanwhile worked on the gallery, search_lucene, music and the files app among other. Should I ever get bored writing PHP I can always go back to Java and work on the Android app, learn Objective-C with the iOS app or maybe C# with the Windows Phone app. I might even shift my attention to the Mirall desktop client which is C++ and Qt. Anything is possible.

The right thing

Faced with data silos like Google, Facebook and Dropbox I fear the power these services could assert over any of their users. I don’t care if their motto is “Don’t be evil” or whatever nice claim they might come up with. The fact is that humans work there and that other humans have access to my personal data. And humans can do very irrational things.

While the commercial where a father manages a google account for his child until it grows up as some kind of lifelog is touching … it is also frightening. Very frightening. Your whole life digitized. Searchable. Machine readable. A double edged sword if you ask me.

Who would you want to hold it? Someone who earns money by giving away your very personal information? I know the answer to that. And I will do anything I can to allow future generations to wield their own sword.

Join the community

I already became medieval so let me rephrase the above: “Brace yourself! Winter is coming.” I laid out my personal motivation. Maybe one of them resonates well with your own. Help us shape the future and join the ownCloud community. Start by installing ownCloud now!

flattr this!

ownCloud 6 Releaseparty in Nuremberg http://dragotin.wordpress.com/2013/12/13/owncloud-6-releaseparty-in-nuremberg/ http://dragotin.wordpress.com/2013/12/13/owncloud-6-releaseparty-in-nuremberg/ http://dragotin.wordpress.com/2013/12/13/owncloud-6-releaseparty-in-nuremberg/ Fri, 13 Dec 2013 07:44:00 +0000 oc6_releaseparty

The ownCloud community released ownCloud 6 a couple of days ago. That was another big release and we want to celebrate!

Please, everybody who is interested in ownCloud, like to learn more, give feedback or just want to meet other people from the community, you are invited to show up at Coworking Space in Nuremberg, Josephsplatz 8, on december 18th, 6pm.

We will have a relaxed evening with a little discussion, maybe short demos, cakes and stuff, and fun. No heavy talks and serious faces!

We are looking forward to meeting you.

ownCloud 6 is here http://blog.karlitschek.de/2013/12/owncloud-6-is-here.html http://blog.karlitschek.de/2013/12/owncloud-6-is-here.html http://blog.karlitschek.de/2013/12/owncloud-6-is-here.html Wed, 11 Dec 2013 13:02:00 +0000 I'm supper happy to announce the release of ownCloud 6 today.
ownCloud 6 is a special release in several way. The community did an incredible job with improving ownCloud in several important areas.
  • Quality. ownCloud is a very fast moving project so it is super important to balance innovative new features with rock solid stability. The ownCloud community introduced several important techniques to improve the quality. As a result we fixed a huge amount of bugs in this release. Also some very old and annoying issues are finally gone. I think this is very important for a lot of users. We will release a series of bugfix releases for in the next few month to iron out the last remaining issues. This is a big step forward.
  • Performance. The performance of ownCloud 6 improved significantly over older versions. The overall file-handling is faster and more optimized. In some areas, like the mounting of SFTP, CIFS or Dropbox servers, the performance improved over 10x. This is great for people who run their ownCloud server on a small device like a Raspberry Pi or on a big cluster to serve hundred thousands of users.
  • Innovation It was always to goal of ownCloud to deliver innovative features to our users and to be the innovation leader in our space. I don't want to repeat my previous blog posts where I announced the great new features of version 6. Just look at my posts here.  http://blog.karlitschek.de/2013/10/introducing-owncloud-6.html and http://blog.karlitschek.de/2013/10/welcome-owncloud-documents.html 
  • But I have to say that I'm especially proud about what we did with ownCloud Documents. This is a feature that doesn't exist anywhere else. Other collaborative editing solutions are 1.) proprietary or 2.) don't run on your own hardware or 3.) don't work on top of normal files that you can also sync and share or 4.) a combination of all of this. I belief that this features is super important for the future and the huge response we got from users clearly show that I'm not alone here. This is only the first version of this feature of course. We will keep on improving and polishing it in the future.

Please look at http://owncloud.org/six for more information about ownCloud 6.

ownCloud is more important now then every if you follow the latest surveillance and espionage revelations. A free and self hosted alternative to the big proprietary cloud services is essential for the future.

Thanks to the awesome ownCloud community who builds all this. Thanks a lot to everyone who contributed to this great release. And thanks to ownCloud Inc. who sponsors the development of free software.

ownCloud is built by a great community with a completely open development process. Everyone is welcome to join us and help to build software which can protect all of us from surveillance. Please join us at https://owncloud.org if you want to make the world a little bit better.

ownCloud 6 Release Party — Berlin Edition https://daniel.molkentin.net/2013/12/06/owncloud-6-release-party-berlin-edition/ https://daniel.molkentin.net/2013/12/06/owncloud-6-release-party-berlin-edition/ https://daniel.molkentin.net/2013/12/06/owncloud-6-release-party-berlin-edition/ Fri, 06 Dec 2013 11:03:00 +0000

A packed room listens to the talks at the ownCloud 5 release event.

A packed room listens to the talks at the ownCloud 5 release event.

(Deutsche Version drüben bei Arthur)

With the final release of ownCloud 6 imminent, it is time to celebrate!

This time, BeLUG, who is also running an ownCloud installation for their members, was kind enough to host the Berlin release event. We’ll have short talks by both developers and admins, free pizza and beverages at affordable prices.

Talks (~20 min each):

  • ownCloud 6 Tour — Arthur Schiwon, ownCloud
  • Improvements in ownCloud Client 1.5 — Daniel Molkentin, ownCloud
  • ownCloud @ BeLUG, an Admin Perspective — tba, BeLUG


Please give a short shout in the comments if you want to join us.

See you there!

PS: There will be parties in other places as well:

ownCloud 6 Release Party in Berlin http://www.arthur-schiwon.de/owncloud-6-release-party-berlin http://www.arthur-schiwon.de/owncloud-6-release-party-berlin http://www.arthur-schiwon.de/owncloud-6-release-party-berlin Thu, 05 Dec 2013 21:03:00 +0000

Die ownCloud 5.0 Release Party war gut besucht

Read an English announcement at Danimo's.

Das Release von ownCloud 6 ist keine Woche mehr entfernt. Der letzte Release Candidate ist veröffentlicht, die nächste Version klopft an der Tür. Dies gilt es gebührend zu feiern!

Release Party

Programmatisch wird es zwei kurze, knackige Vorträge zu ownCloud 6 und dem ownCloud Desktop Client 1.5 geben. Es folgt eine Demonstration des neuen ownCloud an einem real existierenden Beispiel. Anschließend gilt es sich gemütlich bei Freipizza auszutauschen.

Bitte sagt per Kommentar an, ob ihr dabei seid! Das erleichtert es, die richtige Menge Futter zu beschaffen ;)

Andere Städte

Release Parties wird es auch andernorts geben, voraussichtlich in Stuttgart, Nürnberg und München. Details werden dann über die Events-Mailingliste bekannt gegeben.


Building the ownCloud client for Windows on openSUSE 12.3 using a vagrant box http://deepdiver1975.wordpress.com/2013/12/05/building-the-owncloud-client-for-windows-on-opensuse-12-3-using-a-vagrant-box/ http://deepdiver1975.wordpress.com/2013/12/05/building-the-owncloud-client-for-windows-on-opensuse-12-3-using-a-vagrant-box/ http://deepdiver1975.wordpress.com/2013/12/05/building-the-owncloud-client-for-windows-on-opensuse-12-3-using-a-vagrant-box/ Thu, 05 Dec 2013 10:16:00 +0000 You want to build the ownCloud client yourself for Windows?

Well it is pretty good explained already in the official docs: http://doc.owncloud.org/desktop/1.4/building.html

But what to do if you don’t use openSUSE?

Fire it up in vagrant!

 $ mkdir {folder where the vagrant configuration will live AND the mirall and ocsync sources}
 $ vagrant box add openSUSE_12.3 http://sourceforge.net/projects/opensusevagrant/files/12.3/opensuse-12.3-64.box/download
 $ vagrant init openSUSE_12.3
 $ vagrant up

Once nice feature about vagrant is that this folder will be available with the openSUSE box under /vagrant .
Cloning the csync and miral code into this folder and also keep the build folders in here will allow file manipulation on the local system – e.g. use QtCreator.
Only for building the win32 you ssh into the vagrant box.

Let’s first get the sources:

$ git clone -b ocsync git://git.csync.org/users/freitag/csync.git ocsync
$ git clone git://github.com/owncloud/mirall.git
$ mkdir mirall-build-win32
$ mkdir ocsync-build-win32

Let’s have a look at them in the vagrant box:

$ vagrant ssh
# now we are in the openSUSE box
$ ls /vagrant
mirall  mirall-build-win32  ocsync  ocsync-build-win32 

Let’s prepare the box with all necessary tools and packages required to build mirall and ocsync:

# take the wheel
$ sudo su -

# update the system - always a good idea
$ zypper update

# setup mingw repositories
$ zypper ar http://download.opensuse.org/repositories/windows:/mingw:/win32/openSUSE_12.3/windows:mingw:win32.repo
$ zypper ar http://download.opensuse.org/repositories/windows:/mingw/openSUSE_12.3/windows:mingw.repo

# install required packages
$ zypper install cmake make mingw32-cross-binutils mingw32-cross-cpp mingw32-cross-gcc \
               mingw32-cross-gcc-c++ mingw32-cross-pkg-config mingw32-filesystem \
               mingw32-headers mingw32-runtime site-config mingw32-libqt4-sql \
               mingw32-libqt4-sql-sqlite mingw32-libsqlite-devel \
               mingw32-dlfcn-devel mingw32-libssh2-devel kdewin-png2ico \
               mingw32-libqt4 mingw32-libqt4-devel mingw32-libgcrypt \
               mingw32-libgnutls mingw32-libneon-openssl mingw32-libneon-devel \
               mingw32-libbeecrypt mingw32-libopenssl mingw32-openssl \
               mingw32-libpng-devel mingw32-libsqlite mingw32-qtkeychain \
               mingw32-qtkeychain-devel mingw32-dlfcn mingw32-libintl-devel \
               mingw32-libneon-devel mingw32-libopenssl-devel mingw32-libproxy-devel \
               mingw32-libxml2-devel mingw32-zlib-devel

# install Nullsoft Scriptable Install System)
$ zypper install mingw32-cross-nsis

# and NSIS plugins required
rpm -ihv http://download.tomahawk-player.org/packman/mingw:32/openSUSE_12.1/x86_64/mingw32-cross-nsis-plugin-processes-0-1.1.x86_64.rpm
rpm -ihv http://download.tomahawk-player.org/packman/mingw:32/openSUSE_12.1/x86_64/mingw32-cross-nsis-plugin-uac-0-3.1.x86_64.rpm

Let’s build ocsync:

$ cd /vagrant/ocsync-build-win32
$ mingw32-cmake ../ocsync
$ make

Let’s build mirall

$ cd /vagrant/mirall-build-win32
$ cmake ../mirall \
      -DCSYNC_BUILD_PATH=/vagrant/ocsync-build-win32 \
      -DCSYNC_INCLUDE_PATH=/vagrant/ocsync/src \
$ make
$ make package

And we are done! The windows installer is available under /vagrant/dev/mirall-build-win32/ .
But the installer is also available within your local file system!

As I use a VirtualBox for Windows testing I that mirall-build-win32 folder is a shared folder on the Windows box as well – the installer can be tested right away!

Take care!

How to break a perfectly good N950 http://www.piggz.co.uk/?q=blog/2013/12/01/how-break-perfectly-good-n950 http://www.piggz.co.uk/?q=blog/2013/12/01/how-break-perfectly-good-n950 http://www.piggz.co.uk/?q=blog/2013/12/01/how-break-perfectly-good-n950 Sun, 01 Dec 2013 19:36:00 +0000

This morning I appear to have done something semi-interesting to a lot of people. Because of it Ive got 20+ new followers on twitter, and a bunch of people subscribing to my youtube channel (not that there is much there!)

I didn't think it was much of a big deal .... I was just tinkering before everyone got out of bed!

If you want to cut the the final result...this is what caused the fuss: http://www.youtube.com/watch?v=Ggo1W39TrQM&feature=youtu.be

ownCloud Client 1.5 Tour https://daniel.molkentin.net/2013/11/28/owncloud-client-1-5-tour/ https://daniel.molkentin.net/2013/11/28/owncloud-client-1-5-tour/ https://daniel.molkentin.net/2013/11/28/owncloud-client-1-5-tour/ Thu, 28 Nov 2013 14:51:00 +0000 It’s been quite a while since my last post about ownCloud Client 1.4. Now that ownCloud Client 1.5 beta1 has been released, it’s time to demonstrate what’s in for you this time.

The New Propagator

owncloud-icon-256First of all, we have completely redesigned The Propagator. It’s the component that is responsible for actually performing all the changes that earlier phases in a sync run have determined to be required. It is vital that the propagator does things in a clever way, and the new design allows just that. The new propagator writes changes to the sync journal as they happen, and does not rewrite the journal after every run. This means that sync runs can be paused or even terminated, and on the next start, the client will pick up where we left it. This is especially important for the initial sync which may take quite a while.

Next, we sped up sync runs significantly. If you are using an up-to-date server version, ownCloud Client 1.5 only requires one instead of three round trips to get a simple file uploaded, since the server can now accept the modification time as a header value. This will especially help with small files.

Another thing this release gets straight is support for remote moves: The old propagator handled them in terms of delete and re-download, which is a bit silly to begin with. Finally, with the new propagator, we can correctly handle moves for what they are, which turns pushing Megabytes of files into a simple mv instruction. In order to detect moves reliably, we now use file IDs next to ETags other meta data, which requires ownCloud 6.0 on the server side.

When you deleted folders, the old propagator would work strongly recursive, meaning a deletion one-by-one. This had several implications, as the non-atomic way of the old approach was problematic as it allowed for unexpected errors to happen. Also every file would be moved to the trash separately (assuming you had the trash app activated), making restore rather painful. The new propagator does away with all this: If you delete one directory, only the directory with all its structures will be moved to trash. As a side effect, this makes the delete operation on the wire much faster.

Handling Error Conditions

Ignored and blacklisted files now get featured more prominently.

Ignored and blacklisted files now get featured more prominently.

There are some situations where syncing a file cannot succeed, for instance when the shared folder on the server cannot be written to. Previously, we would try again and again and again which caused system load.

Now in cases like read-only shared folders we actually know that we will never succeed — until someone changes permissions on the server, that is. So now the client will put files it cannot write to on a black list. Only when the file or one of its parent directories changes, we check again if we are now allowed to write. This should improve traffic and CPU load a lot.

state-information-64state-ok-64Another issue we addressed was our new handling of files that are on the local ignore list or which contain characters that cannot be replicated to other operating systems (which is an ongoing discussion). Most people were well aware that it would never work, making the (i)-indicator we were showing an annoyance. We also indicated the failure in a log dialog, which turned out to be too well-buried.

In the new release, the sync log has been renamed “Sync Activity” and was placed more prominently as a top level item. It shows all files that have been synced, as well a items that could not be synced at all. The systray icon will not show the (i) icon anymore.

One Account to rule them all

Another major change won’t be visible to you until you look at the source: The Account. It has been introduced as a first step to implement support for multiple accounts in forthcoming versions. For now, it suffices to say that this change has made the internals easier to understand and extend.

Password handling and Signing out

The client when singed in...

The client when singed in…

A direct implication is that the client now has a folder-spanning notion of being on- or offline. In addition to that, you can now also sign out. This means your password will be locally discarded. Should the password change or should you have signed out and want to sign back in, you will be queried to enter your password.

The Statistics

... and when signed out.

… and when signed out.

This release addresses more than 50 issues (features, enhancements, bugs), so this tour is by no means complete.

We hope you like the new client, and we appreciate your feedback. Please head over to the issue tracker to tell us about bugs or regressions.

ownCloud 6 Community Edition Beta 1 ships collaborative editing and new wizard-like LDAP settings http://www.arthur-schiwon.de/owncloud-6-community-edition-beta-1-ships-collaborative-editing-and-new-wizard-ldap-settings http://www.arthur-schiwon.de/owncloud-6-community-edition-beta-1-ships-collaborative-editing-and-new-wizard-ldap-settings http://www.arthur-schiwon.de/owncloud-6-community-edition-beta-1-ships-collaborative-editing-and-new-wizard-ldap-settings Tue, 29 Oct 2013 11:07:00 +0000

We just released the Beta 1 of the upcoming ownCloud 6 series! It is spiced up with two new features. The most exciting one is probably collaborative editing of ODF documents. However, I do not want to write about it, ownCloud Documents is already covered by Frank.

The other feature that just went inside is revamped LDAP settings in a wizard-like fashion. Now, the minimum number of required fields you need to fill in is *drumrolls* 3! Of course without loosing the flexibility you are used to. Providing the LDAP server host, a user DN and a password is usually enough. ownCloud will take care of everything else. Some settings will be suggested, you can just accept them, and more will be auto-detected.

LDAP settings screenshot composition
New wizard-like LDAP configuration

The necessity

If you remember the old settings dialogue, it consisted of three tabs (one with a couple sections). Usually it was enough to fill out the first, the "basic", tab. It took more effort when you tried to connect to AD. There were also settings that required LDAP information – and often ownCloud admins lack that and get only a little information from their LDAP admin.

As a consequence we needed to handle bug reports (and support tickets on the company side) which were caused by wrong configurations. I played around with thoughts about some kind of assistent, then product management approached me with the same desire. So I sat down, sorted out which settings could be detected or semi-detected and which required direct input by the ownCloud admin.

Hiding complexity

It gave us a great overview and good basis to work from. Configuration details that are detected do not need to be presented anymore (the user-group-associtation for example). Semi-detectable details will be set to a default value, but can be controlled and adjusted by the ownCloud admin (the Base DN or the user filters for example). I drafted some mockups and refined them with our incredible designer Jan.

The most interesting part was how to hide the complexity of LDAP filters. If you take a step back and have a look at the common cases, you really can reduce a lot. It costs you the ability to define complex conditions, but the possibility to enter raw filters is maintained. The most common options can be casted into checkboxes with easy to understand labels. Also certain values, for instance about proper objectClasses, can be auto-detected, pre-selected and offered in a multiselect box.

The result is that we now have a really easy to use configuration tool where the ownCloud admin does not need to have deep knowledge of LDAP. For those who still want to be able to fine-grain any setting it is still possible. The Advanced and Expert tab still exists, if you really, really want to use them.

Feel for sharp edges

Unfortunately, after the Beta release I found a couple of annoying bugs, which are now fixed. For a proper testing, I recommend to use the daily build.

Mind, this is based on a Beta release and actually the first version of this LDAP configuration "wizard". It works, however you may see some glitches or edges. I would be amazing if you have the time to test it out, give feedback, report bugs, or even better, provide patches ;) I am very curious to hear your opinions!

If you are interested in helping out ownCloud with testing you may consider joining the ownCloud Test Pilots.

Welcome &quot;ownCloud Documents&quot; http://blog.karlitschek.de/2013/10/welcome-owncloud-documents.html http://blog.karlitschek.de/2013/10/welcome-owncloud-documents.html http://blog.karlitschek.de/2013/10/welcome-owncloud-documents.html Thu, 24 Oct 2013 04:35:00 +0000
A couple of weeks ago I blogged about the new features in ownCloud 6. I promised a special surprise in the coming weeks. And here it is. ;-)

In the past few month we have worked on a feature that will be super useful and popular. All the development happened in a public repository on github but we haven't talked about it in public and perhaps it wasn't obvious what it was for people who found it by accident.

I'm talking about collaborative editing! This feature is implemented in an app called "ownCloud Documents" and will be part of ownCloud 6. People can view and edit their ODF text documents directly in the browser, inside your ownCloud. Another cool thing is that you can invite users from the same ownCloud to work collaboratively on the same document with you. Or you can send invitation links by email to  people outside your server to collaborate with you on the document.

Several people can navigate in the same document with different  cursors at the same time and you can see the changes that are done by the different users in different colors. Every user is identified by the name and the nice avatar picture that we also introduced in ownCloud 6.

We implemented this feature together with our friends from KO GmbH. The browser part is based on WebODF with a new ownCloud backend to load, save, share documents and a system to distribute the document changes.

This feature is special in several ways:
  • It runs purely on your server. No communication with centralized services like Google -- so your data is always protected against surveillance.
  • We didn't introduce any new server requirements here. Just take  ownCloud and put it into your web server document root and you have your own collaborative editing server. This is far easier to install and run than for example Etherpad.
  • All the documents are based on ODT files that live in your ownCloud. This means that you can sync your documents to your desktop and open them with LibreOffice, Calligra, OpenOffice or MS Office 2013 in parallel. Or you can access them via WebDAV if you want. You also get all the other ownCloud features like versioning, encryption, undelete and so on. This is very unique I think.
  • All the code is completely free software. The PHP and the JS components are released under the AGPL license. This is different than most other solutions. Some of them claim to be open source but use creative commons as a code license which is not free software.
Please note that this is only the first version of this great feature. Not every ODT element is supported but we are working on improving this considerably in the future. We will invest significantly in this because we think that this is a very important feature that is useful for people.

More information about this feature including a demo video and all the other new ownCloud 6 features can be found here:

ownCloud Documents is part of the ownCloud 6 beta 1 that you can download here: 

Thanks to the awesome ownCloud community who implemented this innovative feature. Special thanks to our friends from KO GmbH. It's great to work with you. And thanks to ownCloud Inc. who sponsors the development of free software.

ownCloud is built by a great community with a completely open  development process. Everyone is welcome to join us and help to build software which can protect all of us from surveillance. Please join us at https://owncloud.org if you want to make the world a little bit better.

Kubuntu 13.10 Release, Apache Configuration Adjustements http://www.arthur-schiwon.de/kubuntu-1310-release-apache-configuration-adjustements http://www.arthur-schiwon.de/kubuntu-1310-release-apache-configuration-adjustements http://www.arthur-schiwon.de/kubuntu-1310-release-apache-configuration-adjustements Sat, 19 Oct 2013 10:07:00 +0000

Kubuntu 13.10 has been released a day before yesterday! Hooray!

I did an upgrade a little bit prior to the final release, and everything went smooth and works properly. There is just one thing where I needed to put hands on manually. This is my Apache (used for development only) configuration which seemed to be incompatible with the version brought with 13.10. This however is nothing Kubuntu specific, but related to all Ubuntu-flavours.

I published information on how I got it working again on Diaspora, but I want to share it with you here as well.

  1. The vhost files now need to have a ".conf" extensions. So "example.tld" needs to be renamed to "example.tld.conf" in /etc/apache2/sites-available/ and reactivated by sudo a2ensite example.tld.conf.
  2. The Actions module was somehow disabled. I needed to re-enable it by sudo a2enmod actions.
  3. Permission handling changed. You need to specify "Require" as shown on the dabase blog.

There may more things you could face. I do not have a complete overview, but it is all I was confronted with. I hope this is of help for you.

ownCloud server packages

Kubuntu 13.10 (as any Ubuntu flavour) provides ownCloud 5.0.10 in the repositories. While it is not the latest release, it's a version containing all security fixes in the 5.x series. If you prefer Ubuntu repositories over ownCloud OBS repository, you are good to install ownCloud from there as well.

As I have been informed by Kubuntu icon Jonathan Riddell, he is preparing packages for ownCloud server 5.0.8 for earlier Ubuntu releases that are supported by the Updates repository. 5.0.8 is the last version that contains security fixes. It is supposed to hit the repos in about 1.5 weeks from now.

Happy Saucy Salamander!

Ubucon and ownCloud, ownCloud and Jolla/Sailfish http://www.arthur-schiwon.de/ubucon-and-owncloud-owncloud-and-jollasailfish http://www.arthur-schiwon.de/ubucon-and-owncloud-owncloud-and-jollasailfish http://www.arthur-schiwon.de/ubucon-and-owncloud-owncloud-and-jollasailfish Tue, 15 Oct 2013 17:21:00 +0000

Photo: Dominik Wagenführ, CC-BY-SA

Last weekend I attended Ubucon, an Ubuntu user conference organized by the German Ubuntu community. I was giving a talk about, surprise, ownCloud. If you are interested in my talk, please find the slides in PDF on the program page. Beware, they are in German! Those who have seen my talk, please give your honest feedback on the Ubucon feedback page!

A detail that is not on the slides is that I was wearing my "I am the first one" Jolla T-Shirt (like this). It provoked the question about an ownCloud mobile client for SailfishOS. I want to answer it here as well.

Jolla/SailfishOS app for ownCloud

First, and as far as I know, in the ownCloud community, no is one working on an app for SailfishOS… yet.

But SailfishOS has an Android compatibility. And with regard to the screenshots seen so far, the F-Droid app store will be shipped. There you find free software only, including the ownCloud app and the ownCloud news reader. However, I have no idea whether they work seamlessly and without any issue.

However, native apps are to be preferred. Given the nature of Android, I am scared those apps or the compatibility layer will eat too many resources. That said, the Android app – if working – might be OK to bridge some time, but a native app is the way to go. There are three approaches for an ownCloud app for SailfishOS:

  1. Write an app from scratch
  2. Port the Android app
  3. Port the ownCloud desktop client

Writing another similar piece of software is kind of tiresome. I do not know too much about Android and Sailfish app programming, but my feeling is that it could also cost quite some time. Now, porting the desktop client might sound odd at first, but it is already written in Qt and uses a lib written in c for syncing. Plus, SailfishOS (respectively its base Mer) is a "real" Linux. So I asked our client developers. ogoffart and Dragotin told me that csync, the sync lib, should work on any Linux-based operating system. The only thing that need to be adjusted is the GUI, to work properly on the smaller screen and make use of the Sailfish-features. Since the GUI is seperated from the actual application, it really "only" takes writing a GUI for SailfishOS.

Who really is missing, is someone going to step up and do it ;) Although I would find it interesting to dive into it I lack the skills (sure, can be learned) and foremost the time. If you, Dear Reader, are looking for a SailfishOS app idea, here it is ;)

Already one native ownCloud app for SailfishOS

ownCloud is not only files, but can be so much more, like Calendar and Contacts and Bookmarks and News and whatnot, there is a lot of room for all kinds of mobile apps to interact with different ownCloud functionality. It is great to see that there is already a note-taking ownCloud app for SailfishOS ownNotes from Benoît Hervier. Do you know more? Please comment!

Introducing ownCloud 6 http://blog.karlitschek.de/2013/10/introducing-owncloud-6.html http://blog.karlitschek.de/2013/10/introducing-owncloud-6.html http://blog.karlitschek.de/2013/10/introducing-owncloud-6.html Wed, 09 Oct 2013 16:08:00 +0000 Today we release the first Alpha of the latest (ownCloud 6) Community Edition and I'm extremely excited by the latest features. ownCloud 6 is the fastest, best looking, easiest to use ownCloud yet. Oh, and it has a ton of cool, new features that the community can use to safely and privately sync and share files. We also spend a lot of energy on stabilizing and fixing bugs and we will keep on doing this in the future.
The brave at heart can take a look at the Alpha 1 now (warning, may kill your hamster). I've listed some of the top features below (more detail to come), and there may be a surprise or two added in the coming weeks.
A new era has begun at ownCloud, ownCloud 6 -- thanks to all who helped virtually and in-person in Berlin.
  • Activity feed. See what is going on in your ownCloud
  • Improved design. Less visual clutter and more space for better focus
  • Performance. Improved performance across the board.
  • Avatars. People can upload pictures of themselves that augment their interactions, so users are easily recognized by others.
  • Previews. Thumbnails for filetypes are shown in the interface.
  • Conflict handling. A new web conflict dialog if a file is uploaded that already exists.
  • ownCloud App API. Easier development of 3rd party apps, easier access to core functions for app development.
  • Share file notification. Send an email if sharing a file or folder.
  • Example files for new users. Load new user's with files, such as a tutorial on how to use ownCloud, which appears when they first log in.
  • Sharing REST API. Control sharing from mobile apps and desktop clients
  • App management. Improved management of 3rd party apps.
  • Bug fixes. A ton of bugfixes went into this release
  • Many smaller improvements

Thanks a lot to everyone in the community who contributed and made ownCloud possible. ownCloud is an open free software community project. Everyone who wants to contribute is welcome. So join us.

DAV Torture http://dragotin.wordpress.com/2013/09/27/dav-torture/ http://dragotin.wordpress.com/2013/09/27/dav-torture/ http://dragotin.wordpress.com/2013/09/27/dav-torture/ Fri, 27 Sep 2013 15:07:00 +0000 Currently we speak a lot about performance of the ownCloud WebDAV server. Speaking with a computer programmer about performance is like speaking with a doctor about pain. It needs to be qualified, the pain, and also the performance concerns.

To do a step into that direction, here is a little script collection for you to play with if you like: the DAV torture collection. We started it quite some time ago but never really introduced it. It is still very rough.

What it does

The first idea is that we need a reproducable set of files to test the server with. We don’t want to send around huge tarballs with files, so Danimo invented two perl scripts called torture_gen_layout.pl and torture_create_files.pl. With torture_gen_layout.pl one can create a file that contains the layout of the test file tree, a so called layout( or .lay)-file. The .lay-file describes the test file tree completely, with names, structure and size.

torture_gen_layout.pl takes the .lay-file and really creates the file tree on a machine. The cool thing about is that we can commit on a .lay-file as our standard test tree and just pass a file around with a couple of kbytes size that describes
the tree.

Now that there is a standard file tree to test with, I wrote a little script called dav_torture.pl. It copies the whole tree described by a .lay file and created on the local file system to an ownCloud WebDAV server using PUT requests. Along with that, it produces performance relevant output.

Try it

Download the tarball and unpack it, or clone it from github.

After having installed a couple of perl deps (probably only modules Data::Random::WordList, HTTP::DAV, HTTP::Request::Common are not in perl’s core) you should be able to run the scripts from within the directory.

First, you need to create a config file. For that, copy t1.cfg.in to t1.cfg (don’t ask about the name) and edit it. For this example, we only need user, passwd and url to access ownCloud. Be careful with the syntax, it gets sourced into a perl script.

Now, create the local reference tree with a .lay-file which I put into the tarball:

./torture_create_files.pl small.lay tree

This command will build the file tree described by small.lay into the directory called tree.

Now, you can already treat your server: Call

./dav_torture.pl small.lay tree

This will perform PUT commands to the WebDAV server and output some useful information.
It also appends to two files results.dat and puts.tsv. results.dat just logs the results of subseqent call. The tsv file is the data file for the html file index.html in the same directory. That opened in a browser gives a curve over the average transmission rate of all subsequent runs of dav_torture.pl (You have run dav_torture.pl a couple of times to make that visible). The dav_torture.pl script can now be hooked into our Jenkins CI and performed after every server checkin. The resulting curve must never raise :-)

To create your own .lay-file, open torture_gen_layout.pl and play with the variables on top of the script. Simply call the script and redirect into a file to create a .lay-file.

All this is pretty experimental, but I thought it will help us to get to a more objective discussion about performance. I wanted to open this up in a pretty early stage because I am hoping that this might be interesting for somebody of you: Treat your own server, create interesting .lay files or improve the script set (testing plain PUTs is rather boring) or the result html presentation.

What do you think?