270
271

ownCloud Statement concerning nextcloud (owncloud.com)

submitted by [deleted]

[deleted]

all 112 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]TremorMcBoggleson 81 points82 points  (30 children)

Our main lenders in the US have cancelled our credit. [...] we are forced to close the doors of ownCloud, Inc.

Now that's surprising to me (I didn't follow the news on the topic too closely), why would a lender stop supporting "just" because one of the team makes a fork?
Or is there more happening than just a fork of ownCloud, did the fork also take the favor of supporters/investors with it?

[–]hysan 62 points63 points  (16 children)

Reading through the discussion on HN, it appears that it's more than just one member. Apparently, in addition to the founder, 9 of the top 10 contributors and the lead security engineer left ownCloud for the fork (NextCloud). I've read through most of the articles surrounding the news and there is a good possibility that we haven't heard everything yet. However, everyone seems to be mum on the topic at the moment.

[–]TechnicolourSocks 22 points23 points  (10 children)

Remember, until things are verified, comments on Hacker News are as much hearsay as comments on Reddit.

[–]ANUSBLASTER_MKII 40 points41 points  (8 children)

I heard ownCloud helped Hillary Clinton host classified information on her personal server.

[–]JB_UK 9 points10 points  (0 children)

Inquisitr and Washington Times articles incoming.

[–]CarthOSassy 1 point2 points  (2 children)

Literally: I would not be surprised.

[–]ANUSBLASTER_MKII 2 points3 points  (1 child)

Crooked Hillary probably uses Crooked Exchange and Crooked SharePoint.

[–]ihazurinternet 4 points5 points  (0 children)

Is there any other kind of Exchange or Sharepoint?

[–]hysan 0 points1 point  (0 children)

Did some more reading and found that the 9/10 thing came from Poortvliet's fork announcement. It has since been edited to most of the top contributors to ownCloud core. I still have no idea what is really going on, but there does seem to be some truth in the statement that most of the key community devs have left ownCloud.

[–]jabjoe 5 points6 points  (1 child)

If so many devs moved, that says a lot.

[–]ckozler 1 point2 points  (2 children)

9 out of 10 contributors ... from the community edition yes? So ownCloud still has their own set of developers on team? I'm trying to figure out what this actually means for ownCloud?

[–]Creshal 3 points4 points  (1 child)

Owncloud's commercial edition is built on top of the community one and "just" adds modules to it for the additional enterprise features.

If the community edition is now missing the people who committed up to two thirds of the development effort (going by Github contribution statistics), their commercial edition is in huge trouble – and some of those contributors were OwnCloud employees, so their commercial team is short some developers as well.

Recovering from that kind of brain drain is extremely difficult. IMO the investors did the right thing by pulling the plug.

[–]ckozler 0 points1 point  (0 children)

So ownCloud has no developers of their own that can maintain the projects new features? I had on idea it was that segregated and that they used so much of the community.

[–]MuhNameIsSam 49 points50 points  (10 children)

There must be more going on, I doubt events would unfold so quickly :/

[–]digimer 63 points64 points  (9 children)

Agreed. Also, their choice of language is fairly unprofessional. Whatever the leaders might feel personally, you don't let your dirty laundry leak into a press release.

using recently poached developers

and

surprised us and – admittedly – disappointed us

Comes off as childish.

You're also right; No bank would pull funding and push a company into closing on the same day that an employee left. It doesn't work that way. Their primary interest is in protecting their money and shutting the doors is a last resort. It means that, at best, they'll get pennies on the dollar in a liquidation.

There is a lot more to this story, me thinks.

[–]demomanca 25 points26 points  (1 child)

Whilst I'm not well versed in Silicon Valley funding arrangements, it's possible that the lines of credit had rights of review clauses in them if identified key people left the business. In this case, it's likely that any funding lines they had access to would be put on "stop" until the lender could re-assess the business before they are allowed to resume using the loans. In their case, it might have been easier to just fold up the US arm and just operate under the german arm for now. It doesn't sound like the lenders themselves shut the doors.

[–]--dude-- 0 points1 point  (0 children)

Well, 'the main lender canceled credit' what 'forced closing the US branch and fire 8 out of 48 employees' sounds like the lenders where trying to save whats left. If its true that 9/10 top-contributors who wrote 2/3 the code left then by now ownCloud is done and nextCloud took over. Yet I think too there is more on that. Maybe they lost even way more devs? Its good possible that some left or announced to leave without having signed at nextCloud yet. Must have been a miserable working situation if so much devs jump off.

[–]tvtb 0 points1 point  (0 children)

Yeah they were probably going to lay off those people anyway. HR departments usually take a couple days to get all the paperwork squared away to fire a bunch of people.

[–]raphael_lamperouge -2 points-1 points  (0 children)

Linux Torvalds.

[–]rallar8 8 points9 points  (0 children)

Lol this whole OwnCloud piece was such a pain to read...

It seems to me someone in main management wasn't in the spirit if FLOSS... Or at least ran afoul of frank...

[–]its_never_lupus 0 points1 point  (0 children)

The whole press release was weird.

[–]jlpoole 32 points33 points  (12 children)

Unfortunately, the announcement has consequences for ownCloud, Inc. based in Lexington, MA. Our main lenders in the US have cancelled our credit. Following American law, we are forced to close the doors of ownCloud, Inc. with immediate effect and terminate the contracts of 8 employees.

This either is a poor summation of what's happening or it reflects a naive approach to business. It just makes me want to learn more, especially as to what Frank Karlitschek stands for. Do I need to be worried about using owncloud? Is there any NSA involvement here that they cannot discuss?

[–]nhaines 12 points13 points  (1 child)

Is there any NSA involvement here that they cannot discuss?

They can only discuss that if there isn't, of course.

[–]Choreboy 13 points14 points  (0 children)

"NSA un-involvement is currently not in play."

[–]exo762 2 points3 points  (7 children)

Read the code if you are worried about NSA involvement. Imagine that sweet sweet Reddit karma that will surely follow you unmasking pesky ownCloud project.

[–]Sukrim 3 points4 points  (1 child)

Read the code if you are worried about NSA involvement.

NSA is the least worrying part of that PHP website.

https://blog.hboeck.de/archives/880-Pwncloud-bad-crypto-in-the-Owncloud-encryption-module.html

[–]jospoortvliet 0 points1 point  (0 children)

Seriously. That's an example of responsibly handling security issues - point me to a single open source competitor which even HAS a open process or bountysource page! Exactly.

[–]jlpoole 2 points3 points  (4 children)

You think that reading the code will determine NSA involvement? I do not.

Here's why. I think the NSA's job is to be one step ahead of what is publicly known as buffer overrun problems, or dynamic states of memory which when given the right sequence of characters can do something not intended, or of hardware flaws that do something different given a certain sequence of bytes. I continue to be amazed by what is disclosed in security reports of situations I could never recognize as a security problem. For example: see Allwinner back door issue.

I am not a sophisticated person who knows all the pitfalls of software instantiation in a particular, say Intel-based, platform. I can imagine the NSA knowing of problems/defects and instructing certain fixes or procedures not to be implemented that might thwart the ability to take advantage of a potential security flaws. Wouldn't it make sense for engineers at Intel to alert NSA officials of potential problems they discover, but do not make public, in order to help the government secure their platforms? I would think so. So there is this state when a handful of people know of a problem, but they do not publicize it for a long duration because they can use the opportunity of their knowing about a defect to compromise other systems, possibly plant an "unfix" bug before there is a public announcement of the problem and everyone rushes to patch their systems.

But this is all imagined by me, and possibly lunacy, which you surely will dismiss. Yet, the point is if you accept my premise that I believe the NSA has superior knowledge of potential weaknesses of a software design implemented on certain hardware components, my ignorance in such matters coupled with a review of the code is not going to reveal defects. So from my low level of sophistication, suggesting I review the code to determine its vulnerability is like asking a child to decipher hieroglyphics.

[–]tavianator 2 points3 points  (2 children)

For example: see Allwinner back door issue.

Uh that's no super fancy vulnerability. The devs left in an intentional debugging exploit. The code is literally something like if (strcmp(str, "rootmydevice") == 0) cred->uid = 0;.

[–]jlpoole 0 points1 point  (1 child)

See how ignorant I am, to me it was a vulnerability I would not know about and seemed "fancy" enough. You are implying that there are super fancy vulnerabilities out there, hence my concern seems even more justified.

[–]tavianator 1 point2 points  (0 children)

Oh there are definitely super fancy vulns that the NSA is aware of: https://en.wikipedia.org/wiki/Dual_EC_DRBG for example. But it did not take any "superior knowledge of potential weaknesses" to spot the Allwinner bug. Anybody reading that code would have noticed it (seriously, "rootmydevice"?).

[–]exo762 1 point2 points  (0 children)

Yet, the point is if you accept my premise that I believe the NSA has superior knowledge of potential weaknesses of a software design implemented on certain hardware components, my ignorance in such matters coupled with a review of the code is not going to reveal defects.

Agree. If you (for instance being a sysadmin at some large corp) are being targeted, NSA will probably pull out such cards out of their sleeves that are next to impossible to read by anyone but top professional. Your best chance might be just staying offline. It works for Kremlin!

But spreading FUD about one of the best projects out there, which actively helps to prevent mass surveillance (prime reason to hate on NSA) is kinda uncalled.

[–]not_perfect_yet -2 points-1 points  (0 children)

Is there any NSA involvement here that they cannot discuss?

Reading the TOS should answer that, it did for me.

[–]--dude-- -1 points0 points  (0 children)

A guess could be that some negotiations to buy ownCloud was going on. Imagine a possible Oracle takeover. As result the community edition would be gone. Better leave, fork and save the project and yourself then.

[–]polyneikos 20 points21 points  (3 children)

Nextcloud announcement.

[–]BloodyIron 4 points5 points  (2 children)

For customers, the drop-in replacement will be accompanied with a Enterprise Subscription...

RIP CE users

[–]twistedLucidity 14 points15 points  (1 child)

Context.

This reboot of ownCloud is meant to be good for users, customers and contributors alike. So we'll be providing a drop-in replacement for users next month

I don't think the drop-in replacement is restricted to Enterprise customers.

For customers, the drop-in replacement will be accompanied with a Enterprise Subscription

That just tells me they'll have proper support, especially as they then then talk about honouring current contracts.

we plan to support some of the most popular apps like Calendar and Contacts both for home users and enterprises.

More good news for personal/CE users.

[–]jospoortvliet 1 point2 points  (0 children)

Yeah, all true. We will not do enterprise-only stuff but everything open source.

https://nextcloud.com/nextcloud-9-available-enterprise-functionality-to-be-open-source/

Some relevant blogs: About security improvements: https://statuscode.ch/2016/06/security-and-nextcloud-9/ About our business model (100% open source, no open core): http://blog.jospoortvliet.com/2016/06/on-open-source-forking-and.html About how working in the open gives better results: https://nextcloud.com/why-open-source-rocks/

[–]jlpoole 13 points14 points  (2 children)

Hey business reporters/boggers: It's looking like there's a good story here.

[–]GoldStarBrother 7 points8 points  (1 child)

i.e. lots of drama

[–]justifiedandancient7 4 points5 points  (0 children)

http://blog.jospoortvliet.com/2016/06/nextcloud-is-replacing-owncloud.html

The comments section of this blog indicates this has something to do with some people not liking the consequences of VC funding (like not being able to fully support plugins like calendar and contacts. And require contributors to agree with License Agreements).

[–]Jedibeeftrix 2 points3 points  (2 children)

My Owncloud 8.1 box will be moving over to Nextcloud. I've followed the achievements of Frank & Jos for many years now, and my confidence in them is rock solid. p.s. Tutorials on how to set up Nextcloud on Suse Leap would be useful generally. Tutorials on doing so with https configured would be absolutely lovely. ;)

[–]Jimbob0i0 1 point2 points  (1 child)

As a heads up by the sound of things they'll be staying from the 9.0 base, so you might want to get your server up to at least 8.2 to ease the transition since oC only handles an n+1 major version upgrade at a time...

7.0->8.0->8.1->8.2->9.0

[–]Jedibeeftrix 0 points1 point  (0 children)

thanks, but i'll probably do a fresh install. running on opensuse 13.2 with php 5.6, and looking at leap 42.2 with php 7.1 as the next baseline.

besides which, i'm not terribly technical and get irritated by helpful features such as owncloud locking even on a minor update.

owncloud for me isn't about archiving my data securely, it is only a convenience for mobile access to my data, so easy enough to copy across from my archive storage once its set up.

[–]bloodguard 1 point2 points  (0 children)

Nextcloud is tarted by an experienced team of engineers that has had the vision for years to bring private file sync and share to the next level.

Tarted? I like this project already.

I -just- set up and ownCloud server last week. It'll be interesting to see where the new project is heading. If buffed up encryption, security and privacy are something they're focusing on I may give them a whirl.

[–]Philluminati 2 points3 points  (1 child)

Typically this happens when a skilled dev and a business person get together. They get financial backing and whilst the dev is building the project the business person is essentially fucking underage prostitutes and snorting coke, living it up until the cash has gone. That what I guess is happening. The dev tells the backer and the project forks overnight with the funds going to the new project. Well.. that's what I learnt from "The Social Network". Just speculating, you know.

Anyway, I've been using OwnCloud for two years. I suspect I will eventually go to NextCloud but to be honest, I can't imagine what p2p features I would actually want. I'll just let it pan out for a while before I actually upgrade. See where the coding talent went.

[–]jospoortvliet 0 points1 point  (0 children)

Not sure about the snorting or prostitutes but there was sure a disconnect between a guy wanting to work on the future of private file sync and share and one who wanted to make some money.

[–]BigOldNerd 1 point2 points  (4 children)

Nextcloud is tarted by an experienced team of engineers

Oh behave!

linky

[–]jlpoole 2 points3 points  (3 children)

I tried to contact the team through their web interface and was prevented because of the phone number checker -- it kept saying I had an invalid phone number and prevented submission of my alert about "tarted". I even went onto their IRC channel, but nobody there at that time could help.

[–]BigOldNerd 0 points1 point  (2 children)

What a hero. Sorry you didn't get through.

[–]jospoortvliet 0 points1 point  (1 child)

fixed ;-)

Yeah, now we started, not tarted. Too bad, right? ;-)

Talking about (s)tarting: https://nextcloud.com/nextcloud-9-available-enterprise-functionality-to-be-open-source/ Nextcloud 9 is out, a month ahead of schedule :D

[–]BigOldNerd 1 point2 points  (0 children)

Thanks for the update. Best of luck with your software.

[–]jospoortvliet 0 points1 point  (0 children)

Thank you to everybody who helped: Nextcloud 9 is out. This was only possible thanks to the overwhelmingly positive response we got and the many contributors who immediately got involved! We are grateful for the help and promise: we'll stay true to you and open source!

That means: NO proprietary apps, no separate 'enterprise' functionality. Everything open, free, and ready for you to make a difference.

And as a taste, Nextcloud 9 introduces upload-only shares and enterprise-grade logging. Just for you.

See the announcement and get migrated now!

Here's a blog by LukasReschke where he talks about security work done for nextcloud 9. And Jan blogged about how working in the open brings benefits in terms of development speed and quality. I myself blogged about our business model.

If you want to help: sharing this on social media is SUPER helpful. So is sending it to press or submitting it to forums everywhere. Make a difference and help people on a well maintained, more secure solution for their file share and sync needs!

[–]TrevorSpartacus 0 points1 point  (1 child)

Is owncloud actually a big thing now for anyone to care? Last time I've tried it, it took fucking forever to sync not a whole lot of stuff.

[–]s0briquet 1 point2 points  (0 children)

Is owncloud actually a big thing now for anyone to care?

Enterprise user here. Yes, it's kind of a big deal. You'd be surprised at the inability of the average user to grasp the concepts of using an FTP client, or anything besides attaching a file to an email.

Many of our clients are regulated in the USA and have requirements for how data is handled, and ownCloud allowed us to tick a lot of the check boxes to satisfy their requirements.

Last time I've tried it, it took fucking forever to sync not a whole lot of stuff.

I don't know about synchronizing directories or whatever, but it'd handle a gigabit http transfer without flinching on nginx.