Welcome to Nextcloud News, our contributor blog roll. Nextcloud contributors should ask to get added!
Welcome to Nextcloud News, our contributor blog roll. Nextcloud contributors should ask to get added!
After a testing period we’ve made available bugfix and security updates for Nextcloud 9, 10 and 11 today. You can download them from our changelog page. Here are the major improvements:
Note that with our upcoming release of Nextcloud 12, you can skip the step of manually re-enabling apps as that will happen automatically!
Find Nextcloud 11.0.3 on our download page. You can grab the zip files for older releases on the changelog page. Your linux distribution will most likely come soon with updated packages (see status here).
As always, we suggest to update to this release as soon as you can! It should be a safe update but if you’re worried, we always encourage helping us test release candidates. Follow the releases topic on the forums, where RC’s for these releases appeared last week! You should also consider subscribing to our release announcement newsletter if you wish to be kept up to date by email.
Note that this is the last update for the Nextcloud 9 series. If you want to continue to use this version, please contact Nextcloud sales to get access to our Long Term Support offering.
Last week, we put live a big update to the Nextcloud App Store bringing validation of certificate signatures, app ownership migration, better localization and other smaller improvements. With over 50 apps, the store is an important source for additional capabilities and features for Nextcloud users and customers.
The app store can now handle new Nextcloud versions and deal with a number of new XML elements. Users can switch between language comments and have post ratings in multiple languages!
A bigger improvement is that it is now possible to transfer ownership of an app so that if a maintainer steps down or a company wants another employee to handle uploading new versions, a new owner can take over.
For developers, the command line tool now has commands to update tokens, set a default password for an admin user for development and verify an email address
Architecture-wise, the frontend code was migrated Typescript + Webpack and the bug tracker now has to be present in info.xml, as does a proper max-version.
An important security measure in the app store is to cryptographically check the authorship of an app before it is delivered to users. A new improvement is that we now also cryptographically check the identity of developers before they can claim apps. Until now, it would have been possible for a developer who knew a public certificate of an app to ‘claim’ its ownership. He/she would not have been able to upload malicious content without knowing the signature but it was still not a situation we wanted to have.
Of course there were a number of bugfixes like fixing the Discourse forum links which had underscores in them, removal of duplicate language entries in comments, layout improvements, certificate validation error codes and more.
The new app store is a nice step forward, getting us ready for a big release coming up!
A new, big release of our iOS client was made available in the App Store yesterday! It comes with a fresh new look, built-in search, notifications, activities, synced favorites, Document Provider Extension support and many other improvements and bug fixes. Read on for a quick overview of what is new or improved.
This release is all about integrating more tightly in both iOS and Nextcloud. On the iOS side, thanks to the Document Provider Extension support you can now upload files to Nextcloud from other iOS apps. You can also use your files from within Nextcloud, sending them by email, or edit your images in another application and save them back on your Nextcloud.
The client provides auto-upload of pictures and videos which can be sorted in subfolders by date. However, if you wish to upload images separately, you can do that in a specified folder following a mask like
"holiday-Italy-YY-MM.jpg" or such, keeping your digital memories organized.
See the video below.
You can also choose what folder you want to use as auto-upload for images and videos, see the video below on how to change those settings.
From the Nextcloud side you’ll be able to follow your activity stream in the iOS app, giving you an overview on what is going on with your files. The client will also notify you of new shares, username mentions or incoming Spreed calls. The client can now sync your favorites with the server and make them optionally available offline. You can also use the server search function from within the app to find files you’re looking for.
In the More menu you can find these and other items.
There have been many other changes. For example, the Crypto Cloud System is now optional (Settings tab) and can be enabled or disabled at any point. Last but not least, there was some UI work from minor changes (the add button is now on the center of the tab bar) to bigger ones (in your account information you can see how much space is left in your Nextcloud account). It is also possible now to remove a single file from the local cache.
Of course a number of bugs were reported and have been fixed in this release as well.
As you certainly have noticed, this is a major release introducing a lot of changes and improvements! If you are an iOS user, grab your copy now from the Apple App Store!
Today, German news outlet Heise reported on the recommendation by computer magazine c’t to leave US clouds and keep data on European servers. An earlier analysis declared the USA ‘walling itself in’ after President Trump signed an executive order throwing heavy doubt on the successor of the data privacy protecting Safe Harbour agreement, Privacy Shield.
Journalist Swapnil Bhartiya pointed out in a blog that:
Trump is not a huge fan of privacy or open internet. The new UK government is also heading in the same direction.
With the General Data Protection Regulation Europe will enforce even stronger user privacy regulations starting in 2018, forbidding data processors to store sensitive data outside of a list of approved countries. These regulations are wholly incompatible with the changes in other countries, prompting at the very least costly and difficult data migrations for companies making use of public, US based clouds. Worse, mistakes could become very costly with the GDPR sanctions going up to 20 million euro or 4% of the annual, global turnover of businesses, whichever is greater!
Even European hosted solutions developed by American companies, like Telekom’s Microsoft Office 365, are far from safe with the last executive order already shaking its foundations. It states that any data under control of a US company is to be turned over in case of a request from US law enforcement agencies. US companies own the software companies use (a software license does not transfer ownership!) so in the worst reading this could mean they would be obligated to hand over data residing in out-of-country hosting centers managed by third parties. This argument is even stronger if it is a collaborative offering with a third party hoster.
A long term solution under control of your business is the safest, most reliable method of shielding your company from lawsuits. Nextcloud adds the benefit of avoiding costly migrations, independence from any single vendor and optional encrypted storage!
Nextcloud has a mandatory review process: no code can be merged until at least two other people besides the developer of the initial code have had a look and agreed that the quality and style are up to our standards. Besides the human review a series of automated tests also runs over each proposal code inclusion (a pull request). Here is an example of a pull request with reviews having taken place:
What you see is, first, that pull request number 4316 was created by MorrisJobke and consists of 1 commit and has 2 changed files. You can click on those to see the changes that were made.
He added a ‘to review’ label, so others knew he was looking for feedback, and added it to the Nextcloud 12 milestone making clear he’d wanted it to be part of that release. Next, Jobke explicitly asked developers rullzer and schiessle to review his code. Our Mention Bot then came in and pinged people who had been working on this code which, besides rullzer and schiessle, included nickvergessen.
Next up – this was a quick review turn-around – rullzer and schiessle approved the changes, without giving any comments or feedback beyond an OK and schiessle then merged the code. That was it!
Here is a quick view of the automated test results for another pull request:
The reviewers typically go line by line through the code, sometimes giving tips on how things can be done in a nicer way or pointing out a certain approach worries them. The developer then addresses the issue, either with a fix or an explanation. Here is an example where Icewind has a question, resulting in nickvergessen (who did the pull request) adding a commit that addresses the concern.
The role of a reviewer often is to ask questions and challenge assumptions. Rather than point out flaws or complain, it is meant to be positive and helpful and generally taken as such. Sometimes, reviewers even simply fix the problem they find, if they have access to the repo, as you see below:
So why would reviewing code be a way to get involved in a project? First of all, if you review, you see code all over the place, helping you get an idea of what is what. And second, you get to ask questions! As the saying goes, there are no stupid questions, only stupid answers – so you’ll find out how Nextcloud works, while other contributors get to have a 2nd, 3rd or 4th pair of eyes going over their code.
A review isn’t entirely without responsibility, of course – you signify that you can’t find issues. But we can’t all be maintainer of the specific code being reviewed, nor can we always all have enough time and knowledge to do a full, detailed review. So feedback is always welcome, even if you would not consider it a formal review!
Here is LukasReschke expressing a concern, Morris investigating and concluding the current approach is correct.
An important element of this is testing. There are very quick and easy ways of setting up a Nextcloud test environment, by just installing PHP, grabbing the Nextcloud source (you can grab a always-up-to-date master-daily from our download servers, look for latest-master.zip) and running the php webserver in the folder where you extracted the source with
php -S localhost:5000
You can then proceed to grab the patch that is under testing. That isn’t hard either, as github has a cool feature for that: append
.patch at the end of a pull request, say
https://github.com/nextcloud/server/pull/4336 and you will get the patch. Try it:
patch -p1 --dry-run < 4336.patchand then without the
http://localhost:5000in our example and see if things work as expected.
You should leave a note, both if you find issues or if you don’t so we know you checked the functionality of the patch!
And now you became part of our Review Squad
Reviewing is arguably one of the most important elements of our collaborative development process. Bringing input in terms of ideas and code from a variety of contributors through a rigorous review process is what makes Nextcloud move so fast yet keep things stable! You can be a part of that process. Just head over to the pulls from any of our sub projects – be it the server itself, or apps like the Calendar, passman or Spreed audio/video calls app. And there are the Android client or even our app store that all have open pull requests ready for your input!