Skip to main content



 

'Wie Nextcloud Merkel vor Trump beschützt' - Oder wie eine freie, selbst gehostete Cloud deine Daten schützt


Auf der diesjährigen No-Spy Konferent werde ich einen Vortrag mit dem Titel: “‘Wie Nextcloud Merkel vor Trump beschützt’ - Oder wie eine freie, selbst gehostete Cloud deine Daten schützt”. Worum soll es dabei genau gehen?

Spätestens seit Snowden wissen wir das Geheimdienste auf der ganzen Welt unsere Daten sammeln und analysieren. Seit dem Facebook-Cambridge-Analytica-Skandal wissen wir auch das Unternehmen unsere privatesten Daten schamlos sammeln, auswerten und sowohl für kommerzielle als auch für politische Zwecke verwenden. Während man das alles vor ein paar Jahren noch als wilde Verschwörungstheorie abtun hätte können, kann heute niemand mehr ernsthaft behaupten nicht zu wissen was mit unseren Daten bei Facebook, Google, Microsoft und anderen passiert. Wie können wir uns dagegen schützen? Vor dieser Frage stehen nicht nur Privatpersonen sondern auch viele Unternehmen und Organisationen. Eine sinnvolle Maßnahme besteht darin, nicht länger alle Daten in wenigen großen Datensilos aufzubewahren sondern auf dezentrale, selbst gehostete Lösungen zu setzen. Sind diese dann auch noch Freie Software und basieren auf Offene Standards, hat man alle was man braucht um eine sichere und nachhaltige Cloud Plattform aufzubauen. Von der Bundesregierung, über Universitäten und internationale Unternehmen bis hin zu zahlreiche Privatpersonen, ergreifen immer mehr genau diese Möglichkeit mit Nextcloud. Was bringt Nextcloud alles mit um unsere Daten nachhaltig zu schützen, dieser Frage wollen wir nachgehen.

Tags: #nextcloud #cloud #privacy #talk #nospy #stuttgart
https://www.schiessle.org/articles/2018/05/31/wie-nextcloud-merkel-vor-trump-besch%C3%BCtzt---oder-wie-eine-freie-selbst-gehostete-cloud-deine-daten-sch%C3%BCtzt/


 

Software Freiheit in der Cloud - Ein Vortrag auf den Chemnitzer Linux-Tagen 2018


Auf den diesjährigen Chemnitzer Linux-Tagen habe ich einen Vortrag mit dem Title “Freie Software im Zeitalter der Cloud” gehalten. Dabei ging es um den Einfluss von SaaS (Software as a Service) und der Cloud auf Freie Software und wie wir Software Freiheit unter diesen neuen Gegebenheiten erhalten können. Ausgangspunkt für mein Vortrag war der Artikel “Software Freedom im the Cloud” (en) welchen ich vor ein paar Monaten verfasst habe. Die Grundthese war, dass wir ähnlich wie Richard Stallman vor 35 Jahren eine positive Vision für die Zukunft erarbeiten müssen, anstatt den Fortschritt zu ignorieren. Der Vortrag wurde aufgezeichnet und wird in den nächsten Tagen Online abrufbar sein. Ich werde dann einen entsprechenden Link hier einfügen. In der Zwischenzeit kann man sich hier schon mal meine Präsentation ansehen:

(Dieser Artikel enthält eine Präsentation, hier zu sehen.)

Tags: #fsfe #FreeSoftware #cloud #saas #clt #slides


 

CS3 Workshop 2018 - Global Scale and the future of Federated Cloud Sharing


At this years CS3 Workshop in Krakow I presented the current state of Nextcloud’s Global Scale architecture. Probably the most interesting part of the talk was the current development in the area of Federated Cloud Sharing, a central component of Global Scale. Originally, Federated Cloud Sharing was developed by Frank Karlitschek and me in 2014 at ownCloud. These day it enables cloud solutions from ownCloud, Pydio and Nextcloud to exchange files.

As part of Global Scale we will add federated group sharing in the coming months. Further we want to enable apps to provide additional “federated share providers” in order to implement federated calendar sharing, federated contact sharing and more.

The next iteration of Federated Cloud Sharing will be based on the Open Cloud Mesh (OCM) specification. The Open Cloud Mesh initiative by GÉANT aims to turn our original idea of Federated Cloud Sharing into a vendor neutral standard. Something I explicitly support. In the process of implementing OCM we will propose some minor changes and additions to the existing specification to meet all our requirements. Directly after my talk I received a lot of positive feedback from different members of the Open Cloud Mesh initiative. I was especially happy to hear that PowerFolder already started to implement OCM as well and that our friends at Seafile also want to join us. I’m looking forward to work together with the OCM-Community in the following weeks and months in order to make our changes part of the official specification.

I will write a more detailed article once we have a first prototype of our implementation. For now I want to share my presentation slides with you:

(This blog contain some presentation slides, you can see them here.)

Tags: #Nextcloud #cs3 #ocm #cloud #federation #slides


 

Software freedom in the Cloud


Image/photo
How to stay in control of the cloud? - Photo by lionel abrial on Unsplash

What does software freedom actually means, in a world where more and more software no longer runs on our own computer but in the cloud? I keep thinking about this topic for quite some time and from time to time I run into some discussions about this topic. For example a few days ago at Mastodon. Therefore I think it is time to write down my thoughts on this topic.

Cloud is a huge marketing term which can actually mean a lot. In the context of this article cloud is meant as something quite similar to SaaS (software as a service). This article will use this terms interchangeable, because this are also the two terms the Free Software community uses to discuss this topic.

The original idea of software freedom



At the beginning every software was free. In the 80s, when computer become widely used and people start to make software proprietary in order to maximise their profit, Richard Stallman come up with a incredible hack. He used copyright to reestablish software freedom by defining these four essential freedoms:
  • The freedom to run the software for every purpose
  • The freedom study how the program works and adapt it to your needs
  • The freedom to distribute copies
  • The freedom to distribute modified versions of the program
Every software licensed in a way that grants the user this four freedoms is called Free Software. This are the basic rules to establish software freedom in the world of traditional computing, where the software runs on our own devices.

Today almost no company can exist without using at least some Free Software. This huge success was possible due to a pragmatic move by Richard Stallman, driven by a vision on how a freedom respecting software world should look like. His idea was the starting point for a movement which come up with a complete new set of software licenses and various Free Software operating systems. It enabled people to continue to use computers in freedom.

SaaS and the cloud



Today we no longer have just one computer. Instead we have many devices such as smart phones, tablets, laptops, smartwatches, small home servers, IoT devices and maybe still a desktop computer at our office. We want to access our data from all this devices and switch during work between the devices seamlessly. That’s one of the main reasons why software as a service (SaaS) and the cloud became popular. Software which runs on a server and all the devices can connect to it. But of course this comes with a price, it means that we are relaying more and more on someones else computer instead of running the programs on our own computer. We lose control. This is not completely new, some of this solutions are quite old, others are rather new, some examples are mail servers, social networks, source code hosting platforms, file sharing services, platforms for collaborative work and many more. Many of this services are build with Free Software, but the software only runs on the server of the service provider and so the freedom never arrives at the user. The user stays helpless. We hand over the data to servers we don’t control. We have no idea what happens to our data and for many services we have no way to get our data again out of the service. Even if we can export the data we are often helpless because without the software which runs the original service, we can’t perform the same operations on our own servers.

We can’t turn back the time



We can’t stop the development of such services. History tells us that we can’t stop technological progress, whether we like it or not. Telling people not to use it will not have any notable impact. Quite the opposite, we the Free Software movement would lose the reputation we build over the last decades and with it any influence. We would no longer be able to change things for the better. Think again what Richard Stallman did about thirty years ago. He grew up in a world where software was free by default. When computers become a mass market product more and more manufactures turned software into a proprietary product. Instead of developing the powerful idea of Free Software, Richard Stallman could have decided to no longer use this modern computers and ask people to follow him? But would have many people joined him? Would it have stopped the development? I don’t think so. We would still have all the computers as we know them today, but without Free Software.

That’s why I strongly believe that, like thirty years ago, we need again a constructive and forward looking answer to the new challenges, brought to us by the cloud and SaaS. We, the Free Software community, need to be the driving force to lead this new way of computing into a way that respect the users freedom. Same as Richard Stallman did it back then by starting the Free Software movement. All this is done by people, so it’s people like us who can influence it.

Finding answers to this questions requires us to think in new directions. The software license is still the corner stone. Without the software being Free Software everything else is void. But being Free Software is by now means enough to establish freedom in the world of the cloud.

What does this mean to software freedom?



Having a close look at cloud solutions, we realise that it contains most of the time two categories of software. Software that runs on the server itself and software served by the server but executed on the users computer, so called JavaScript.

Following the principle of the well established definition of software freedom, the software distributed to the user needs to be Free Software. I would call this the necessary precondition. But by just looking at the license of the JavaScript code we are trying to solve today’s problems with the tools of the past, completely ignoring that in the world of SaaS your computer is no longer the primary device. Getting the source code of the JavaScript under a Free Software license is nice but it is not enough to establish software freedom. The JavaScript is tightly connected to the software which runs of the server so users can’t change it a lot without breaking the functionality of the service. Further, with each page reload the user gets again the original version of the JavaScript. This means that, with respect to the users freedom, access to the JavaScript code alone is insufficient. Free JavaScript has mainly two benefits: First, the user can study the code and learn how it works and second, maybe reuse parts of it in their own projects. But to establish real software freedom a service needs to fulfil more criteria.

The user needs access to the whole software stack, both the software which runs on the server and the software which runs the browser. Without the right to use, study, share and improve the whole software stack, freedom will not be possible. That’s why the GNU AGPLv3 is incredible important. Without going into to much details, the big difference is how the license defines the meaning of “distribute”. This term is critical to the Free Software definition. It defines at which point the rights to use, study, share and improve the software gets transferred to a user. Typically that happens when the user gets a copy of the software. But in the world of SaaS you no longer get a real copy of the software, you just use it over a network connection. The GNU AGPLv3 makes sure that this kind of usage already entitles you to get the source code. Only if both, the software which runs on the server and the software which runs on the browser is Free Software, users can start to consider exercising their freedom. Therefore my minimal definition of freedom respecting services would be that the whole software stack is Free Software.

But I don’t think we should stop here. We need more in order to drive innovation forward in a freedom respecting way. This is also important because various software projects already work on it. Telling them that these extra steps are only “nice to have” but not really important sends the wrong message.

If the whole software stack is Free Software we achieved the minimum requirement to allow everyone to set up their own instance. But in order to avoid building many small islands we need to enable the instances to communicated with each other. A feature called federation. We see this already in the area of freedom respecting social networks or in the area of file sync and share. About a year ago I wrote an article, arguing that this is a feature needed for the next generation code hosting platforms as well. I’m happy to see that GitLab started to look into exactly this. Only if many small instances can communicate with each other, completely transparent for the user so that it feels like one big service, exercising your freedom to run your own server becomes really interesting. Think for a moment about the World Wide Web. If you browse the Internet it feels like one gigantic universe, the web. It doesn’t matter if the page you navigate to is located at the same server or on a different ones, thousands of kilometres away from each other.

If we reach the point where the technology is build and licensed in a way that people can decide freely where to run a particular service, there is one missing piece. We need a way to migrate from one server to another. Let’s say you start using a service provided by someone but at some point you want to move to a different provider or decide to run your own server. In this case you need a way to export your data from the first server and import it to the new one. Ideally in a way which allows you to keep the connection to your friends and colleagues, in case of a service which provides collaboration or social features. Initiatives like the User Data Manifesto thought already about it and gave some valuable answers.

Concolusion



How do we achieve practical software freedom in the world of the cloud? In my opinion this are the corner stones:
  • Free Software, the whole software stack, this means software which runs on the server and on the users browser, needs to be free. Only then people can exercise their freedom.
  • Control, people need to stay in control of their data and need to be able to export/import them in order to move.
  • Federation, being able to exercise your freedom to run your own instance of a service without creating small islands and losing the connection to your friends and colleagues.
This is my current state of thinking, with respect to this subject. I’m happy to hear more opinions about this topic.


 

Nextcloud Conference 2017: Free Software licenses in a Nutshell


At this years Nextcloud conference I gave a lightening talk about Free Software licenses. Free Software developers often like to ignore the legal aspects of their project, still I think it is important to know at least some basics. The license you chose and other legal decisions you make are a important cornerstone to define the basic rules of the community around your code. Making good choices can enable a level playing field for a large, diverse and growing community.

Explaining this huge topic in just five minutes was a tough challenge. The goal was to explain why we are doing things the way we are doing it. For example why we introduced the Developer Certificate of Origin, a tool to create legal certainty, used by many large Free Software initiatives such as Linux, Docker or Eclipse these days. Further the goal was to transfer some knowledge about license compatibility and give some useful pointers for app developers how to decide whether a third party license is compatible or not. If the five minute lightening talk was to fast (and yes, I talked quite fast to match the time limit) or if you couldn’t attend, here are the slides to reread it:
[Note: This blog contain some presentation slides, go to the original page to see them.]


 

Freie Software auf den Fellbacher Weltwochen


Nächsten Monat werde ich auf den Fellbacher Weltwochen zum Thema Freie Software sprechen. Der Titel meines Vortrags lautet “Digitale Abhängigkeit vermeiden - Mit Freier Software für gute Bildung und eine starke und unabhängigen Wirtschaft sorgen” und darum geht es:
Software ist heute aus dem Alltag nicht mehr weg zu denken. Laut einer Studie interagieren wir im Schnitt mehr als 300 mal am Tag mit Software. Damit nimmt Software eine Schlüsselrolle in unserem Leben ein. Sie entscheidet über unsere Möglichkeiten am kulturellen Leben teilzunehmen, über unsere Bildung und unsere Möglichkeiten am Arbeitsmarkt. Proprietäre Software, also Software welche als eine Art Black-Box ausgeliefert wird, macht es unmöglich diese zu verstehen und eigene Lösungen darauf aufzubauen. Niemand außer dem Hersteller, welcher in der Regel aus einem reichen westlichen Land kommt, ist in der Lage Fehler zu beheben oder die Software an lokale Gegebenheiten anzupassen. Mit dem Export dieser Software in wirtschaftlich schwächere Länder laufen wir Gefahr neue, diesmal digitale, Kolonien zu errichten indem wir den Menschen zwar auf den ersten Blick nützliche Werkzeuge in die Hand geben, sie aber gleichzeitig abhängig von wenigen großen Unternehmen machen. Damit nehmen wir den Menschen jegliche Möglichkeit diese neue Kulturtechnik zu verstehen und für sich zu nutzen. Freie Software, also Software die jeder verwenden, studieren, anpassen und weitergeben kann, bietet hier einen Ausweg. Mit Freier Software exportieren wir nicht nur Werkzeuge sondern Wissen, was die Basis für gute Bildung, Unabhängigkeit und nicht zuletzt für eine starke lokale Wirtschaft bildet.
Image/photo

Interessant? Dann freue ich mich auf euren Besuch und spannende Diskussionen am 20. Oktober in der Volkshochschule Fellbach, Theodor-Heuss-Str. 18, im Raum Nummer 07. Einlass 18:30 Uhr. Sobald ich meine Folien fertig habe, werde ich diese hier selbstverständlich veröffentlichen.
Hört sich auf alle Fälle interessant an, ich war nur leider nicht in der Gegend ;-)



 

Welcome to my new Homepage


Finally I moved my homepage a a complete static page powered by Hugo. Here I want to document some challenges I faced during the transition and how I solved them.

Basic setup



As already said I use Hugo to generate the static sites. My theme is based on Sustain. I did some changes and uploaded my version toGitLab.

I want to have all dependencies like fonts and JavaScript libraries locally, so this was one of the largest changes to the original theme. Further I added a easy way to add some share buttons to a blog post, like you can see at the end of this article. The theme also contains a nice and easy way to add presentations or general slide shows to the webpage, some examples can be seen here. The theme contains a example site which shows all this features.

Comments



This was one of the biggest challenges. I had some quite good discussion on my old blog powered by Wordpress so I don’t want to lose this feature completely. There are some solutions for static pages but non of these are satisfying. For example Staticmanlooks really promising. Sadly it only works with GitHub. Please let me know if you know something similar which doesn’t depend on GitHub.

For now I decided to do two things. By default I add a short text at the end of each article to tell people to send me a e-mail if they want to share or discuss their view on the topic. Additionally I can add to the meta data of each posts a link to a Friendica post. In this case the link will be added at the end of the article, inviting people to discuss the topic on this free, decentralised and federated network. I have chosen Friendica because it allows users to interact with my blog posts not only with a Friendica account but also with a Diaspora, GNU Social, Mastodon or Hubzilla account. If you have a account on one of these networks and want to get updates about new blog posts in order to participate in conversations around it, followthis Friendica account. I also created a more detailed descriptionfor people new to the world of free social networking.

Deployment



After all the questions above where answered and a first version of the new webpage was in place, I had to find a easy way to deploy it. I host the source code of my homepage on GitLab which has a nicely integrated CI service which can be used to deploy the webpage on any server.

Therefore we need to add a CI script called .gitlab-ci.yml to the root of the repository. This script needs to contain following (please adjust the paths):
image: publysher/hugo

before_script:
- apt-get update
- apt-get --yes --force-yes install git ssh rsync
- git submodule update --init --recursive

pages:
script:
- hugo
- mkdir "${HOME}/.ssh"
- echo "${SSH_HOST_KEY}" > "${HOME}/.ssh/known_hosts"
- echo "${SSH_PRIVATE_KEY}" > "${HOME}/.ssh/id_rsa"
- chmod 700 "${HOME}/.ssh/id_rsa"
- rsync -hrvz --delete --exclude=_ public/ schiesbn@schiessle.org:/home/schiesbn/websites/schiessle.org/htdocs/
artifacts:
paths:
- public
only:
- master

We need to create a ssh key-pair to deploy the webpage. For security reasons it is highly recommend to create a ssh key used only for the deployment.

The variables SSH_HOST_KEY and SSH_PRIVATE_KEY need to be set at GitLab in the CI settings. SSH_PRIVATE_KEY contains the private ssh key which is located in the ~/.ssh directory.

To get the right value for SSH_HOST_KEY, we run ssh-keyscan <our-webpage-host>. Once we executed that command, we should see something similar to schiessle.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCtwsSpeNV.... Let’s copy this to theSSH_HOST_KEY value in our GitLab settings.

Finally we need to copy the public ssh key to the .ssh/authorized_keys file on the web-server to allow GitLab to access it.

Now we are already done. The next time we push some changes to the Github repository GitLab will build the page and sync it to the web-server.

Using the private key stored in the GitLab settings allows everyone with access to the key to login to our web-server. Something we don’t want. Therefore I recommend to limit the ssh key to only this one rsync command from the .gitlab-ci.yml file. In order to do this, we need to find the exact command send to the web-server by adding-e'ssh -v' to the rsync command.

Executing the rsync command with the additional option should result in something like:
debug1: Sending command: rsync --server -vrze.iLsfxC --delete . /home/schiesbn/websites/schiessle.org/htdocs/
we copy this command to create following .ssh/authorized_keys entry:
command="rsync --server -vrze.iLsfxC --delete . /home/schiesbn/websites/schiessle.org/htdocs/",no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7Sf/PDty0d0SQPg9b+Duc18RxPGaBKMzlKR0t1Jz+0eMhTkXRDlBMrrkMIdXJFfJTcofh2nyklp9akUnKA4mRBVH6yWHI+j0aDIf5sSC5/iHutXyGZrLih/oMJdkPbzN2+6fs2iTQfI/Y6fYjbMZ+drmTVnQFxWN8D+9qTl49BmfZk6yA1Q2ECIljpcPTld7206+uaLyLDjtYgm90cSivrBTsC4jlkkwwYnCZo+mYK4mwI3On1thV96AYDgnOqCn3Ay9xiemp7jYmMT99JhKISSS2WNQt2p4fVxwJIa6gWuZsgvquP10688aN3a222EfMe25RN+x0+RoRpSW3zdBd
Now it is no longer possible to use the private key, stored at GitLab to login to the web-server or to perform any other command than this specific rsync command.

Interesting observation



I run this static webpage now for a few weeks. During this weeks I got quite some email from people interested in some topic I write about in my blog. This are not new blog articles, but posts which where already online for quite some time. Somehow it looks like more people find this articles after the transition to a static site. Maybe search engines rate the static site higher than the old Wordpress page? I don’t know, maybe it is just a coincidence… but interesting.


 

Keynote at Open16 - Restore the Internet


This year I was invented to the Open16 in Mechelen (Belgium) to give a keynote. It was a really nice event with many interesting presentation and talks.

I was asked by the organizer to started the keynote with the history of Nextcloud. Why did we started Nextcloud and what do we want to do different. Then I moved on with the main topic: “Restore the Internet - free, decentralized, open”. Why it is important and what we are doing at Nextcloud to make it happen. This are the slides to my talk:
[Note: This blog contain some presentation slides, go to the original page to see them.]


 

Freie Software in Politik und Gesellschaft bei der Grünen Jugend Baden-Württemberg


Ich war heute bei der Grünen Jugend Baden Württemberg zu einem Workshop in Karlsruhe eingeladen. Thema des Workshops war die politische und gesellschaftliche Bedeutung Freier Software. Der Workshop wurde sehr gut angenommen und es ergaben sich anschließend noch viele interessante Diskussionen. Hier sind die Folien meiner Präsentation:
[Note: This blog contain some presentation slides, go to the original page to see them.]