Welcome to Nextcloud News, our contributor blog roll. Nextcloud contributors should ask to get added!
Welcome to Nextcloud News, our contributor blog roll. Nextcloud contributors should ask to get added!
We’re proud to introduce the Nextcloud Secure Sharing Outlook Add-in which enables Nextcloud customers to easily and securely sent files, folders or upload links to others from within Microsoft Outlook. The Add-in can replace attachments, automatically uploading files to Nextcloud and inserting a secure link in the email. It also makes it easy for users to provide others with a secure file upload link.
Complementing our existing add-in for Calendar and Contacts synchronization with Outlook, the Nextcloud Secure Sharing Outlook Add-in takes away the IT headache caused by risky attachments. Storing and sharing files securely through Nextcloud ensures company policies on data availability, retention and safety can be enforced. This enables system administrators for example to make sure files are run through the virus scanner, certain file types are protected from being shared outside the company or retention policies are followed.
Another significant advantage for IT departments is the savings in storage space for email servers. The add-in negates the need for storing large amounts of attachments in multiple email boxes and decreases network traffic.
The Nextcloud Secure Sharing Outlook Add-in supports:
The Nextcloud Secure Sharing Outlook Add-in works with Microsoft Outlook 2010, 2013 and 2016.
With at a price of USD 5 per user per year with possible volume discounts, the Secure Sharing Outlook Add-in is available to Nextcloud customers. More information can be found on our website.
The plugin was developed by Nextcloud Partner Assanti. Assanti is based in the Netherlands and develops products for the security-sensitive insurance industry.
Seven years ago on this day, Frank Karlitschek announced a project at Camp KDE in San Diego to help people protect their privacy: ownCloud. Today, he and the team that started this effort are still working on this exact same thing (though under a different name). We’re super proud of the huge community we have built over the last 7 years and the millions of users who have been able to take back control over their data thanks to our work!
We have two videos to share, one in which Frank announces this project and another from the Nextcloud Conference where the team from the first years, from the very first ownCloud meeting ever, recalls some fun memories!
On January 17, 2010, Frank Karlitschek announced the ownCloud project with the goal to develop a free and open source replacement for Dropbox and the like. The goal was to put users back in control over their data.
By the end of the first year, Frank had already announced ownCloud 1.0 and followed it by 1.1. In April 2011, a first meeting with 5 participants and supported by the KDE community kicked off the development of ownCloud 2.0. The write-up on the KDE news site already points to some of the jokes recalled in the video from our Nextcloud Conference below…
The participants where Frank Karlitschek, Jakob Sack, Robin Appelman, Jan-Christoph Borchardt and Arthur Schiwon. Indeed, all people you will know from our contributor page, with four of them part of the Nextcloud GmbH Team servicing enterprise users of ownCloud and, now, Nextcloud, for many, many years!
We’re all very proud to be a part of this project and we look forward to many more years of taking care of you, as users, building a product we can all be proud of.
Welcome to 2017! Our new year resolution: continue to provide you the safest, most secure way to protect your data!
Today Nextcloud makes available updates for Nextcloud 9, 10 and 11 with a number of bug fixes and a precautionary update for the SwiftMailer vulnerability discovered recently. We recommend to update at your earliest convenience. Read on to find out what has changed.
Nextcloud 11.0.1 introduces about two dozen fixes dealing with Safari’s lack of decent CSPv3 support, a fix for LDAP issues, the Calendar/Contact DAV endpoint and more. About a dozen is relevant for 10.0.3, making updates more reliable and fixing some translation and visual issues.
Find more details in our changelogs.
Just before the end of 2016, a security researcher published a security advisory for an unfixed critical vulnerability in SwiftMailer. SwiftMailer is a widely used library for sending e-mails from PHP applications and used by many popular frameworks such as Yii2, Laravel or Symfony.
This library in question is also used by Nextcloud and we’ve immediately begun analyzing the vulnerability as well as it’s exploitation path. After extensive analysis by members of our security team we believe that a standard Nextcloud server installation is not affected by this specific vulnerability. However, as we include the library in our public programming API third-party app authors may call the library in an exploitable way.
Nextcloud takes security very seriously and protecting user data is of utmost importance to us. We want to state again, that this is purely a security pre-caution and based on our research this seems like a non-exploitable issue in a default Nextcloud server installation. However, as we didn’t want to take even any slightly theoretical chance of exploitation we’ve decided to err on the side of caution to protect our users.
Nextcloud employs dedicated security personnel, is subject to regular penetration testing, static and dynamic analysis and offers bug bounties up to $5,000 for critical security vulnerabilities.
We made available the updates for Nextcloud 9, 10 and 11 on our download server and via the updater. If you are on the latest version you will receive an update notification. Due to staged roll-outs the update notification does not come at once for all users. You can expect to be notified at the latest by the end of next week. Users on Nextcloud 10 or 11 can bypass the waiting period by setting their release channel to ‘beta’ to immediately receive Nextcloud 11.0.1.
Why would you prefer an open source solution over a proprietary one? 8 good reasons reasons why you benefit from purchasing open source solutions!
Forbes notes that 90% of all startups fail and less than half of small and medium businesses survive beyond 5 years. With migrations being the pain they are, it is a bad idea to rely on vendors shipping a product only they can sustain!
Open Source enables communities to build software collaboratively. For example, Open Stack is built by dozens of companies and individual volunteers, providing customers the certainty that no matter what happens to any individual vendor, they can find a vendor to provide support. With open source, a business makes a long-term investment in the efforts your team has put in to get the product implemented. Access to the source ensures that you will always be able to hire a freelancer from the pool of contributors to make sure your deployment stays alive as long as you need it.
You’re about to invest engineering and financial resources in integrating a product in your infrastructure. You want a product which is developed actively, brings you fixes for problems regularly, as well as new innovations when you’re ready for it. How do you know you don’t invest in a product which is a dead end? As open source development is open you can compare various products from vendors by looking at the development velocity and health of the development community. A more active, diverse and healthy community will result in a better product one or two years down the line – an important thing to consider. Of course, as Red Hat points out in this blog about enterprise open source, the vendor needs to be capable of handling the instability which comes from the innovation by the development project–look for a vendor with a long support cycle to not be put on that upgrade mill!
You can see how a project is doing on analysis sites like OpenHub.
The open development is a key factor and a pre-condition for superior security, a prime concern for many organizations these days. You can verify if a vendor is actively pursuing security, looking at how it treats issues with it directly. The ability to study the source and perform independent code audits makes it possible to find security issues early and to fix them in time. Vendors like Nextcloud give a Security Bug Bounty of thousands of dollars as extra incentive and a show of confidence in their product.
Beyond code, open development also means open processes, so you can check and see if a vendor follows baseline industry standard development processes as recommended in standards like ISO27001, Cloud Security Principles and others. Of course, an external review by a trusted party like the NCC Group offers additional assurance.
As users and customers can directly see and get involved in development, open source projects are typically more aligned with the needs of their users than closed source software which often has a focus on ticking some check boxes for the marketing team.
A proprietary vendor is typically the one and only party who can help you if there are problems. They don’t offer support the way you need it or charge a huge premium for adjustments to your business needs? Though luck, nothing you can do. Support for proprietary software is a typical ‘lemon market’. With open source, the vendor either provides great support or others will fill the gap – the free market at its finest, ensuring you get the very best support possible.
Typical software licenses are full of awful clauses, usually topped off with forced arbitrage so you won’t even have a chance to sue if the vendor misbehaves. Part of the problem here is that you merely license a right to use the software, often entirely at discretion of the vendor. You get no ownership, nor any rights in case the software doesn’t work, stops working or if the vendor demands more payments. Open Source licenses like the GPL are specifically designed to protect the customer rather than the vendor, ensuring you get to use the software however you need and without arbitrary limitations, for as long as you like.
Thanks to their wide usage, the implications of licenses like the GPL and derivative licenses are widely understood. For example, you can be assured that the license allows your existing (open or closed) infrastructure to connect with it through well defined API’s, has no restrictions on time or number of users and won’t force you to open up configuration or intellectual property like company logos.
Proprietary software requires you to keep a close eye on usage and compliance. Worse, on top of that some proprietary and some open core products are even shipped as a mix of AGPL licensed and proprietary licensed software, which is a license breach and risk for their customers. And, as Gartner points out, an open core model means you get none of the benefits of open source. A pure open source licensed product avoids all these issues. Instead, you have just one compliance rule: if you make modifications to the code (not configuration, logo’s or anything like that), you have to share them with those you distribute the software to–if they ask.
We’ve given you 8 reasons to prefer an open source solution over a closed one. Time to take control over your infrastructure!