NextCloud founder Frank Karlitschek joins us to discuss the recent remote version checking initiative of private NextCloud instances, the controversial notifications sent by ISPs to users found to be running out-of-date NextCloud instances & the larger security problems facing all open source projects like NextCloud.

Plus why Chromebook usage surging past Linux in the last year is a good thing, picks, news of the week & more!


— Show Notes: —



Brought to you by: Linux Academy

Frank Karlitschek | Twitter

Founder of Nextcloud, founder of ownCloud, Free Software Developer, former KDE e.V. board member, photographer and founder of openDesktop.org

Nextcloud scanning people’s owncloud and nextcloud instances for security vulnerabilities.

“While researching the product versions being used, his employees noticed that many customers were using disturbingly old software in order to store their data on the web. Karlitschek then informed the Cert emergency team at BSI. He says it was clear to him after the politically motivated hacker attacks in the U.S. that this was also ‘an explosive issue.’”

While developing the security scanner we had a look at the state of security of private cloud servers online. Many administrators might not be aware how easy it is to get a list of servers on the web! Services like shodan.io provide the ability to search for specifics and it is simple to get a list of tens of thousands of instances and look at them.

Reporting that information to a third party after that is pretty hard to justify in my mind regardless of whatever ‘greater good’ argument you can make regarding internet security. That is simply not the way white hats work. You can’t report vulnerabilities to a third party without trying to contact the party in question first.

This is doubly important because it appears you picked up some residential users by accident. Nearly everyone on this sub does /r/selfhosted because they don’t like third parties to hold their info. The whole idea of a private cloud to protect privacy is the #1 selling point on your own website. On top of the privacy concerns, nearly every home user running nextcloud is doing so against their ISP’s TOS. That makes the privacy issues doubly important because they could lose the ability to host their cloud altogether.

EDIT: I’d like to further add, that the integrity of an OSS project is entirely dependent on trusting the devs. Very few people have the time or skill to go through all the code themselves and so trusting OSS is akin to trusting the devs that run the show. If we can’t trust the devs, it may as well be closed source. Again, especially in this sub, there is a reason people like to use OSS. It’s pretty hard to justify using nextcloud if people can’t trust the devs to be open and transparent.

— PICKS —

Runs Linux

Gemini PDA Android & Linux keyboard mobile device


Gemini is an ultra-thin clamshell mobile device with fully integrated tactile QWERTY keyboard, that fits in your pocket. Designed for Android, it also features a dual boot Linux option. Gemini is fully equipped with 4G, WiFi & Bluetooth enabling both data communications and mobile phone calls.

Desktop App Pick

Tweet Nest

A browsable, searchable and easily customizable archive and backup for your tweets

Distro of the Week

Plasma 5 ISO Update March


We are proud to announce a fresh new Update for our Plasma 5 version of Neptune 4.5.

This version brings the latest and greatest of the Plasma 5 world to you. This includes Plasma 5.8.5 together with the desktop fix for context menu as well as Dolphin 16.12.2, Kdenlive 16.12.2, Chromium 56, Icedove 45.6.


— NEWS —

Libreboot calls on AMD to release source code and specs on new Ryzen platforms

Just imagine what would happen if AMD started to produce cheap, affordable libre hardware, to the point where Libreboot could start supporting newer systems from AMD. The possibilities are endless! People would jump towards AMD and AMD’s sales would go through the roof, while we in the libre hardware community would finally have systems from a manufacturer that cares for our freedoms to use our computers without proprietary software.

Firefox 52 Released with WebAssembly Support, Enhanced Sync

Firefox drops NPAPI support in this release (a change we’ve known about for a long time) for everything bar Adobe Flash. While this sounds trivial it does mean that GNOME users can’t install GNOME extensions from the GNOME Extensions website using Firefox as-is, as of this release.

The browser will now only run Flash. Anything else reliant on the Netscape Plugin API (NPAPI) is now verboten. Which means Silverlight, Java and Acrobat are gone, daddy, gone.

Chrome OS Has Double the Marketshare of Regular Linux in USA

Chrome OS usage is up by over 50% compared to the previous year, when the thin-client OS hit a then-high of 2.02%.

Feedback:

Mail Bag

Laptop Reviewed on LAS – Sold on Ebay

Hi Noah! This isn’t really a question about the product. I just wanted to contact you. It’s hilarious because in the LAS episode, you were asked how and when do you run into LAS fans… well, here I am!

I’ve been on the market for an x260 since you unveiled your purchase in LAS episode 422, so I was shocked and excited to see the first great priced one I came across (fully equipped with WWAN too!) that wasn’t 720p belonged to you! Happy to be buying from you! Even more happy to escape 4GB of ram soldered and be able to use GNS3 on my laptop without sweating 🙂

Please be sure to mention your impressions of the X270 on LAS if you get the chance 🙂 I also have two requests if you don’t mind:

  1. Please keep the LAS sticker on the windows key!

  2. You don’t need to load windows on it, if you haven’t already! 🙂 100% Linux here.

The laptop remains as pure as the day you got it and installed Linux without a single boot into Windows! That’s good news 🙂

I’ll make a post on /r/linuxactionshow when I receive the laptop 🙂

p.s. I find it quite funny that the laptop is priced the same as the Galago Pro 13″ starting price 😉 Even though you posted this before SCALE.

-Mark

  • Name Stefan
  • Subject New Format Feedback

  • Message:

Hey there Chris and Noah,

First and foremost: I love the show, keep up the great work.

In my opinion the new show format is perfect for attracting new viewers, because there is nothing more disappointing on youtube than clicking on a video and having to listen through like 40 min of random stuff before you get to the actual information you want to hear about.

That said, I also have an Idea for the show notes (and yes I know this is a lot of work, but it would be very convenient for the viewers): timestamps for different topics during the show like “Bad Voltage” (http://www.badvoltage.org/2017/02/23/2×04/) does.

e.g. [00:14:22] Disassembled: Gitlab…

So if I wanted to listen to the Gitlab story first I could skip to that time, or if I don’t want to hear about Gitlab on yet another Podcast I could skip to the next timestamp.

Just to be clear, I don’t want to tell you how to publish your Podcast, I’m just saying it would be convenient.

Also, an idea for an app pick:

Because I know you guys love CLI tools: Pandoc (http://pandoc.org/)
Pandoc is for text what ffmpeg is for audio/video or ImageMagick is for pictures.
It translates every text format you’ll ever use into every other text format you’ll ever want. You could even convert HTML to epub (gigantic wikipedia pages into eBooks)

Cheers
Stefan aka thefenriswolf

Catch the show LIVE SUNDAY:

— CHRIS’ STASH —

Chris’s Twitter account has changed, you’ll need to follow!

Chris Fisher (@ChrisLAS) | Twitter

Hang in our chat room:

irc.geekshed.net #jupiterbroadcasting

— NOAH’S STASH —

Noah’s Day Job

Altispeed Technologies

Contact Noah

noah [at] jupiterbroadcasting.com
