[ art / civ / cult / cyb / diy / drg / feels / layer / lit / λ / q / r / sci / sec / tech / w / zzz ] archive provided by lainchan.jp

lainchan archive - /tech/ - 35350



File: 1489029784472.png (76.93 KB, 300x169, nextcloud.jpg)

No.35350

Hello, Lain.
What are your thoughts on nextcloud/ownclod for running your own cloud server at home?
I am thinking of buying a raspberry pi and use nextcloud on it to sync files betwen my tablet, phone and laptop. I use an iPhone so I can't use KDEConnect for everything.

  No.35351

I never found much point in it myself. "Cloud" to me is just some lazy fancy frontend to things I have already been doing for years with ftp, rsync, and the like.

  No.35352

>>35351
This.

Cloud is marketing speak for people who don't grok computers or the internet.

Why bother explaining to people that their files are getting syncd via some protocol when you can say, "it's in the Cloud!"

  No.35353

>>35352
Because having a nice GUI works.

  No.35357

>>35352
>>35353
this, just because the branding isn't 1337 enough for you doesn't mean easy access to netowrked storage magically becomes a bad thing.
I agree that 'cloud' is a non-descriptive buzzword, but come on.

  No.35364

>>35350
I wouldn't recommend hosting servers at home. I tried it once with a RasPi 1 since my ISP gives away free static IPs and it was awfully slow at anything I threw at it except static sites. Even If I had a faster server my VDSL connection wouldn't be able to keep up anyways.

The most convenient solution I found so far is to shell out 5 bucks a month for a decent VPS. With a VPS you don't have to care about things like electricity, noise and usually they're located in strong datacenters or close to internet exchanges.

On my VPS I run Nextcloud (along with its own MariaDB) in a docker container. That container then gets reverse proxyied (or whatever you call that) using nginx to a subdomain.
I've found Nextcloud to be a rather "heavyweight" application so I don't think a Pi could run it very well, though the newer ones might be a little bit faster than what I had.

  No.35366

>>35350

The problem with using Nextcloud/Owncloud as a file sync solution for phones and tablets is that the Android client requires you to manually pick files (not folders, just individual files) for "offline use" to be synced regularly. The only automatic syncing it does is for photos, and even then it's only for uploading from the Android devices to the server.

If you want true automatic syncing, Syncthing might be a better option.

Of course, you could use both in combination. Syncthing to sync everything, Nextcloud for ad-hoc file access and calendar/contact services, both using the same filesystem.

(Note: this assumes that your phone and tablet are Android. If IOS, please disregard this. I've never used anything with IOS, so I have no experience with the IOS Nextcloud/Owncloud clients and if they have the same file sync limitations.)

  No.35370

>>35351
You're right about that, but a cloud is also a nice, pre-packaged solution for automated syncing of files between computers. Which for me is pretty much a must. It makes everything so much neater to have all your soykaf synced on ownCloud instead of having stuff across different machines.

I'm sure you could just make something that accomplishes the same thing sans the "cloud" features, but why would you?

>>35364
The thing about having a VPS for this is that you can't cheaply have the same amount of storage with a home hosted server.

I think a VPS is great for things where having a fast, stable connection is a must. I also think they're good for backing up critical files offsite. But a 3TB, fully encrypted RAID10 server that I have complete control over and know exactly what is happening to it is something that I simply am not going to get with any hosting.

  No.35376

>>35353
>>35357

Branding and fancy GUIs have nothing to do with it. The term itself obscures what is actually going on with the technology. Is it easy to install? Sure. But it's not exactly hard to configure RAID via mdadm w/ LVM and export your shares via NFS/SMB/FTP etc. And you learn something at the same time. I always saw things like FreeNAS and pfsense as quick setup tools for the lazy.

  No.35381

>>35376
I think the whole point of making things simple is that non-expert people don't have to learn it. That way they can become better experts at other things which are just as or even more demanding that CS (instead of becoming Jacks and Janes of all trades). Meanwhile experts can be experts as there are actual people who need help.
I mean, can you grow the plants and raise the animals you eat, harvest/slaughter them, transport them, prepare them, box them (you produce the various chemicals the food is treated with, and the boxing too), and sell them to yourself, with all the tax and regulations stuff? Oh and you obviously produce the entire infrastructure for that, building roads, cars, engineering factory robots, whatever.
While I understand that every human requires certain skills, like the ability to speak or cooperate with society, I don't think self-hosted open source filesync is any more important than, say, producing the food you eat. The argument that most people don't produce their own food isn't really useful either, as most people don't host their own email etc either; they are both used by evil profit-oriented corporations, and so far the food industry has caused more trouble.

  No.35382

I'd recommend you to use Seafile instead, as it encrypts all your files and Owncloud doesn't.

  No.35383

>>35366
>The problem with using Nextcloud/Owncloud as a file sync solution for phones and tablets is that the Android client requires you to manually pick files (not folders, just individual files) for "offline use" to be synced regularly.

Is it a fundamental design flaw or just that no one bothered implementing it? I mean, how hard could it be to patch the project with such a basic feature, unless said project is horribly broken?

  No.35384

>>35381
Setting up some simple soykaf available for free on your own computer but that requires reading a little bit is not comparable to replicating any kind of industrial supply chain.
I have literally zero respect for people lazy and stupid enough to refuse to or be unable to do something like that, in much the same way as I have no respect for someone who cant cook their own goddamn food.
They aren't saving time and becoming better experts at their one super specialized fields. Thats not how this crap ever actually works.

  No.35385

>>35384
Are you mad, bro? JAJAJA

  No.35387

>>35376
>>35381
This, it comes down to a division of labor thing in the end. Sure all that sounds simple to you, but laypeople see a wall of technobabble when all they want to do is make sure their spreadsheets stay updated across their workstation and laptop so they can work from a fast food place that has wifi or whatever.
I love technology too but most people don't want or need extra work.

  No.35388

>>35384
>fuarrrking normal people ignoring my special interest I am angry

  No.35389

>>35384
>Setting up some simple soykaf available for free on your own computer but that requires reading a little bit
That's exactly what they do when they use dropbox, google, onedrive, or whatever. And as other have pointed out... why can't you respect someone just because they don't play your "free as in free stallman stickers" game?

  No.35399

>>35383
It's mostly by design. The point is that

1. It can't be default behavior. My phone has very limited space compared to size of my cloud directories.

2. There is little sane way to do the sync and still uphold Android file structure.

  No.35402

>>35382
That is not true. I even have untrusted services like Dropbox and Google Drive mounted in my ownCloud installation, just because it encrypts my files. I just don't remember if encryption is enabled by default.

  No.35406

>>35402
It's not by default, or at least wasn't last I checked, but it can do it.

  No.35415

I set up an owncloud and used it for a little while. Mostly because I was at a job that required exchanges of lots of big files (and if you've ever had someone computer illiterate try to 'share' a file with you, only to get an email advertisement to join xyz you know why. fuarrrking I am angry ) Also used it for syncing calendar and contacts on phone.

I found that it's always needing updates, some of the plugins / UI are completely unviewable unless you enable javascript and use a stock version of ff or chrome and the plugins break and such because there is poor dev support.

really I feel it's just easier and more worthwhile to use ssh / mosh /rsync and webdav.

Never used nextcloud but I imagine it's a similar experience. Bottom line is web based gui is great for helping people who are technically incompetent. I mean I feel like that's the real strength of it.

  No.35492

>>35402

Owncloud/Nextcloud encrypt file contents, but they don't encrypt file names. That's a horrifying design oversight that I'm amazed remains unfixed.

  No.35493

>>35492
But it should work with a HDD encrypted with LUKS.

  No.35607

>>35493
This isn't useful on servers. You need to provide the encryption key on every reboot, either physically via the console or remotely. It's also made useless when an attacker gains access to the system while it's still on. The only scenarios where encrypting the FS that your ownCloud server data lives in makes any sense is protection at rest, from low-tech threats (theft, investigations by non-specialized police) and to have peace of mind when a drive passes on and needs to be thrown out. If all the data on it was encrypted, you don't need to worry that anyone will recover anything from the drive.

The idea with encrypted "cloud" storage is to encrypt everything on the client side, with no secrets on the server. The server must not be trusted. Any trust in the server leads to certain doom.

Come to think of it... Suppose an attacker compromised your ownCloud instance. Wouldn't they just have to wait until you log in again to grab your password, and couldn't they then simply decrypt your data? Without a seperate encryption key that's never shared with the server it's game over as soon as the server turns evil. You could perhaps derive an encryption key to use locally and an authentication key to send to the server by hashing the actual user-entered passphrase, but a potentially compromised web login interface couldn't be trusted not to just send the passphrase without hashing it first. You'd need trusted client software for that.

I'm not sure where I was going with this, but I'll end on the claim that ownCloud's encryption is really quite useless and only truly protects your data at rest.

  No.36035

File: 1490907853742.png (53.72 KB, 200x150, 29opo.jpg)

>>35350

I had to set it up at work. I use two application servers, haproxy for loadblancing and a mariadb master/slave pair.

Storage is on nfs which comes from a half million bucks netapp system.

Users are the upper end of the corporate ladder of a 300 million biz which sells infrastructure for waste management. There are no industrial secrets or technology, so nothing of importance to protect.

soykaf works fine if you host it at home on your own infrastructure as well. Use ssl. Use clientside encryption if possible.

>>35492
The key to decrypt your files is kept on the Nextcloud server. If someone breaks into your server, you are fuarrrked, crypto or not. It helps if your hardware gets stolen if you have a passphrase on the key that must be typed in manually at start. At which point you should use LUKS anyways.

If you want encryption for important stuff, use containers and encrypt directly on your device. Then put the container on your Nextcloud server.

In fact, skip the Nextcloud stuff and use rsync for your containers.