by LukasReschke on 12/14/15, 9:04 AM with 84 comments
by scr4ve on 12/15/15, 3:21 AM
- "logging changes": https://github.com/owncloud/core/commit/eea96298951805dfc6eb... vs https://owncloud.org/security/advisory/?id=oc-sa-2014-020
- ownCloud is a PHP application with quite a few third-party modules of varying quality. Looking at the security history of Wordpress, it's not hard to imagine what's going to happen.
- The maximum bug bounty for ownCloud is 500 USD. I think my data easily exceeds that.
- From what I've heard, security fixes are provided to enterprise customers first, so if you're lucky your adversary is one of them and knows about vulnerabilities way ahead of you.
To their credit, ownCloud openly publishes security advisories for every vulnerability, but I still think it's architecturally designed to fail. Exposing this to the internet is probably a bad idea. If you just need storage, you probably should just use dumb storage. If you need project management stuff and care about privacy, maybe look at https://protonet.info/ or something along those lines. Also https://www.boxcryptor.com is really nice - the Dropbox desktop client does proper cert pinning (ownCloud doesn't) at least.
Other than that, storage connected to a raspi via USB will probably yield rather bad transfer speeds?
by Shank on 12/15/15, 4:03 AM
Maybe I'm being cynical, but the way the first paragraph is worded seems a bit odd. Is the goal of this project to act like free R & D for ways to deploy this or make it compartmentalized? It seems like it. Why would you send 10 developer units out, require proposals, etc.? No compensation is offered -- just a devkit.
> This is where you come in! We’re looking for concrete proposals and offers for help. Can you build a disk image which boots up and allows a laptop to find it over the local network? Can you create a setup optimized for performance on the Pi? Can you write a simple web interface to finish configuring the Pi or to check how it is running? Develop a backup tool? We’re looking for creativity here!
Fantastic, that sounds a lot like crowdsourcing your product development.
> Sometime in February or March you can expect ownCloud and Western Digital Labs to release a goodie – and you will be there with a big thank-you in the manual!
A thank-you in the manual. My goodness!
> This is a project of the ownCloud community, not ownCloud, Inc.
But who's going to be shipping the final product, with the fixes that someone makes, and gets the thank-you in the manual? The ownCloud community?
by pjc50 on 12/15/15, 1:44 PM
Having an open-source version supported by WD is much better than having a random closed-source web UI on your NAS.
by 0942v8653 on 12/15/15, 3:01 AM
Is there a way to run OwnCloud along with a typical system (really, an ssh server and a few utility programs) on the Pi? It's mentioned as an SD card image, but it would be nice to run it on top of a normal Raspbian or Arch installation.
by lisianne on 12/15/15, 3:37 AM
by LordKano on 12/15/15, 4:20 PM
It was estimating over a year to sync a directory that was about 180 GB in size. That's just not going to cut it.
by kstenerud on 12/15/15, 9:09 PM
I run a number of web apps as separate docker containers, and use nginx as a frontend to force everything to HTTPS. Is there anything that these cloud products provide over and above what I have now?
by joshmn on 12/15/15, 3:55 AM
by aaronem on 12/15/15, 4:17 PM
I sure hope that's not the configuration they RTM with, because they're going to have a lot of people upset about disk failure and data loss if they do.
by bqjfwkbwkjfb on 12/15/15, 4:29 AM