The article starts with Murena, Punkt, Volla which are all based on Android. If you do this, then imho you must mention GrapheneOS, the by far better option (updates, privacy, security, organisation).
Google Pixel with GrapheneOS is the best non-Google phone... ;-)
It's incredibly funny, because a lot of these companies behave the same as the duopoly that people try to get away from. Murena's CEO repeatedly stated that security hardening is only needed for secret agents and criminals (explicitly calling out child porn), pushing the same narratives as the people pushing chat control, age verification, etc.
Volla and Murena are pushing Unified Attestation, a similar system to Google Play Strong Integrity, that they can use to block competition.
Besides that, both Murena and Volla have abysmal security and Volla is mostly in the business of German-washing Chinese smartphones. E.g. their Volla Phone Quintus is a smartphone designed by an Emirates company, largely produced in China, that can be had for 150 Euro new on the ebay.ae .
As much as I like graphene it is literary running on google hardware (atm) and uses asop. Even if it is a really good option is you want to run degoogled and secure android.
You don't need any Google stuff on it. Isolated Play Services is an option, so is Play Store. It's not installed ootb. I don't get why you'd prefer to run less secure options on hardware that isn't on par with Pixels or iPhones and expect to get a secure OS.
I mean.... Android is aosp. And if you want to run degoogled GrapheneOS you just don't install Google services. Out of the box it does NOT contain any - but /e/OS ships with the privileged microG, which means that Android Auto or Google Play Store have privileged access to the phone.
So I'm not sure how can you suggest GOS is less "degoogled" while not shipping anything but allowing to install sandboxed / constrained play services, while comparing it to /e/OS which ships with a privileged plug.
Also, if you want to run a secure android, that's not /e/OS either.
That privileged plug in /e/os makes push notifications work, and you can enable just those and leave Android Auto, G Play Store and whatnot disabled. Not much privacy risk - I think?
On the other hand, while GOS is running Google services sandboxed, they are still running and have access to internet. If you try enabling them only when you need push notifications, they will break - notifications stop coming.
Neither system is optimal - can we please get microG sandboxed on GOS, pretty please?
Ehm, microG on /e/OS is talking to Google all the time. They also use proprietary Google blobs for passing basic Play Integrity. /e/OS also gives a bunch of Google apps (including Google Maps and Android Auto) privileged access (you can find the signing key fingerprints in the source code of the /e/OS microG fork).
No Google Maps or Android Auto on my phones, so I don't care much about privileged access - they have none anyway.
No, microG is definitely not talking to Google all the time, NetGuard would warn me if it did. I would assume it is not even running when I disable it (which is easily done, as opposed to stopping Google Services in GrapheneOS) - but to be fair I didn't actually validate that.
I kind of like GrapheneOS otherwise, this is by far my biggest gripe. I can even survive the icons. But avoiding Google (and other big tech) is the reason I am not on a cheaper and more convenient phone with regular Android, so if GrapheneOS refuses to support an alternative to Google Play Services, I'm not too happy about it. If there are real problems with microG then I'm sure the authors would be interested in a better solution too.
>No Google Maps or Android Auto on my phones, so I don't care much about privileged access - they have none anyway.
You don't seem to understand how play service / MicroG work. Maps or Auto Apps aren't the ones having the privilaged access but Play Service and MicroG.
>NetGuard would warn me if it did. I would assume it is not even running when I disable it
Since play services/microg have higher privileges than NetGuard they could just bypass it.
>But avoiding Google (and other big tech) is the reason I am not on a cheaper and more convenient phone with regular Android, so if GrapheneOS refuses to support an alternative to Google Play Services, I'm not too happy about it. If there are real problems with microG then I'm sure the authors would be interested in a better solution too.
That doesn't make any sense at all. GrapheneOS by default has _0_ Google connections unlike LineageOS, /E/ or any other AOSP fork. MicroG is not an alternative to not using play services at all = actually avoiding Google, but a open source reimplementation that still has all the privacy and security issues of regular play services. GrapheneOS sandboxes Google play services only have the privacy issues since just like with MicroG you still connect to Google = not actually avoiding Google.
The issue with no notification without play services can be easily fixed by not using privacy hostile apps which only work with them.
You are missing the point. MicroG allows me to disable it when I want to, and push notifications still work when I (rarely) need to enable it.
It's not about security, it is about privacy. While MicroG in theory could bypass NetGuard, I very much doubt that anyone would bother. My privacy is not that precious.
But as I said, neither solution is great. How about sandboxing MicroG too?
There is no privacy advantage by using MicroG compared to Google play services. You still connect to there service all the same giving privileged access to your device. There is a security AND privacy advantage by using sandboxed google play because they limit the kind of system access it has compared to MicroG/play services.
Again the only advantage of MicroG compared to play services is that it's open source, you still have all the same privacy and security issues.
Its already a lot of work to support the official play services and make them work in a sandbox, supporting another layer in between is more headache than its worth it or they have time/money for. Not to mention that sandboxed play services work with much more feature than MicroG such as android auto.
> There is no privacy advantage by using MicroG compared to Google play services. You still connect to there service all the same giving privileged access to your device.
...assuming you are connected all the time, or at least that the services are running all the time. In my case they are not. I only enable them every once in a while, when I need to be alerted of something. This might not be how most people use their phones, but I do it because there is no way to preserve any privacy at all if you are running Google services 24/7 (sandboxed or not).
I see Google services as malicious software - not security malicious (Google can't risk that) but privacy malicious. This is why I care more about ability to turn them on / off than about what kind of access they have. Even inside the sandbox, as regular apps, they have way too much info about me.
As I said: I would prefer sandoxed MicroG, but given the available options non-sandboxed MicroG is preferable to sandboxed always-on Google services.
When I tested /e/OS a few months back, I found the same.
(which is easily done, as opposed to stopping Google Services in GrapheneOS)
This is incorrect. By default, GrapheneOS does not even have Google Play Services, it is something you have to install explicitly through the GrapheneOS App Store.
I can even survive the icons.
What is the problem with the icons? Only their own icons are black/white. If you install other apps, they'll just have their standard icons.
if GrapheneOS refuses to support an alternative to Google Play Services, I'm not too happy about it
As I mentioned, you can use it without Play Services, it is not even installed by default. But if I have to choose between sandboxed Play Services or privileged microG which loads Google binary blobs into that privileged process (for SafetyNet), I will pick sandboxed Play any day.
That's besides them doing many other weird things. Like their App Lounge does not install F-Droid apps directly from F-Droid, but through middle-man proxy that they do not want to reveal the owner of (cleanapk.org). That combined with Android's TOFU security model makes it a vector for rolling out backdoored applications or intentionally delaying app security updates.
Either they are incompetent or they are malicious.
If there are real problems with microG then I'm sure the authors would be interested in a better solution too.
/e/OS does not use vanilla microG, but their own fork of it.
you are being downvoted because the article considers de-googled versions of android acceptable. and neither are dependent on google in the sense that even if google stopped publishing android source altogether they could continue to develop the versions they already have. that's the whole point of Free Software and Open Source.
Yeah, and that's utter nonsense. Noone is really stepping up to develop Android beyond repackaging it.
If Google decides to remove a feature, GrapheneOS and other forks will end up without it too. If they stop publishing security patches, the forks end up insecure too.
It's just like all the Chrome "forks" when ManifestV2 died. None of them survived for more than a few versions until maintainers lost interest.
Calling any of these Google free is downright lying.
ok, that's probably not the popular opinion, but a reasonable argument.
i think though that the chrome manifestV2 support example is not really applicable to your argument though. chrome still exists, and the removal of a feature is not the same thing as stopping to release sources altogether. if google had stopped releasing chrome sources then some chrome forks with v2 support would still exist. same i believe would be true if google stopped android releases.
same goes for security patches. a lot of effort in forks now is put in keeping up with android (and chrome) releases. if those releases stop then the effort would be able to shift towards security patches. would it be better or worse? hard to say. depends on the resources the forks would manage to gather to do the work.
No, you can't install any 3rd party ManifestV2 extensions in Brave. Neither are they shipping any changes to the browser engine that Google doesn't maintain.
E.g. they tried to implement dark mode website conversion and decided it's too hard to do anything that Google themselves don't do.
so in general the problem is not with supporting v2, the problem is that except for a few special extensions that need v2 features there is no point because all those v2 extensions out there will either be ported to v3 or they will be unmaintained.
the maintainers of chrome forks with v2 support lost interest because the developers of v2 extensions stopped maintaining them.
I wouldn't buy an alternative to a P1S, because only the P1S is the best at being the P1S. (Whatever that might entail)
Instead, I'd look at things from the perspective of "what do I want?" and not "What does the market offer? Okay, I want that thing. But no, I want an alternative to it that is that thing but without downside"
Letting a brand set your frame of reference is the first step into total dependence.
Thanks for your reply. Only used PLA so far. But later I'll need "engineering parts", Nylon/PA12 or something like this. Strong, water and UV resistant, outdoor.
It shouldn't be too complicated and not too expensive. E.g. while the Prusa Core One+ seemed nice (from a superficial look) it costs more than I wanted to spend. P1S came out as the best (barely) adequate printer for what I thought I would need when I looked at it. But it's difficult to say if you are a beginner and basically have no idea...
Yes but what does "equally good job of printing" mean, I wonder.
That's what I meant with "the P1S is the best at being the P1S when measured by the P1S".
I am pretty sure that if you for example do functional PLA parts, there will be many, many more options that tick exactly that box.
I do of course understand that people want to have the mental peace of buying one thing and being told that it can do everything, but, as said, you pay for that emotional labor with lock-in and eventually being rug-pulled.
The only way of not getting rug-pulled is not handing away all of your agency wholesale just for cheap immediate emotional relief.
That's how it works, how it has always worked and how it will always work.
Anyone claiming anything else is in the process of actively scamming you.
The leadership is great. Persistent, patient and friendly.
They were able to improve. I don't think many of the often negative and ad-hominem critics would be able to endure such a pressure as they had in the past.
I "fell" for Comaps but switched back to Organic Maps (where the original real good devs are). Comaps felt a bit too much like fork, "fabricate" nice media and beg for donations. Both are imho inferior to (non-foss) Magic Earth but consume much less power.
We've actually massively held off on begging for donations -- for example we removed the ability of the app to dynamically insert ads into the menus or change the home button to a icon, and massively scaled back our end-of-year fundraising post because we actually have a decent amount of money in the bank. Instead we've chosen to thank contributors for funding our ability to afford better servers etc. What we need more than more money is more volunteerism, which we're happy to see increasing every day!
Stay tuned to CoMaps, we've been releasing two updates with maps per month lately and soon will be able to release maps as often as our servers will allow!
I was happy from the sideline seeing the recent big Zig donations. But this sudden decision is a shock. Technical issues can be worked around (I wish/think), but leaving such a dominant platform? I don't know. For my small small needs Forgejo works great, but for Zig, a project which I hope has a lot of mainstream success, I'm not convinced, that Forgejo/Codeberg is the best fit (atm). Even Graphene OS which has very high standards is (still) on Github, maybe Zig could brood (brüten) a bit longer to decide if it is really time to leave?
This is not an alternative as it only covers files. Mind what is in the article: "I like what Nextcloud offers with its feature set and how easily it replaces a bunch of services under one roof (files, calendar, contacts, notes, to-do lists, photos etc.), but ".
For us Nextcloud AIO is the best thing under the sun. It works reasonably well for our small company (about 10 ppl) and saves us from Microsoft. I'm very grateful to the developers.
Hopefully they are able to act upon such findings or rewrite it with go :-). Mmh, if Berlin (Germany) wouldn't waste so much money in ill-advised ideology-driven and long-term state-destroying actions and "NGOs" they had enough money to fund 100s of such rewrites. Alas...
Why should Germany be wasting public money on a private company who keeps shoveling more and more restrictions on their open-source-washed "community" offering, and whose "enterprise" pricing comes in at twice* the price MS365 does for fewer features, worse integration, and with added costs for hosting, storage, and maintenance?
* or same, if excluding nextcloud talk, but then missing a chat feature
It makes a lot of sense for Germany to keep some independance from foreign proprietary cloud providers (Microsoft, Google); Money very well invested imo. It helps the local industry and data stays under German sovereignity.
I find your "open-source-washed" remark deplaced and quite deragoraty. Nextcloud is, imo, totally right to (try to) monetize. They have to, they must further improve the technical backbone to stay competitive with the big boys.
At the very least their app store, which is pretty much required for OIDC, most 2FA methods, and some other features, stops working at 500 users. AFAIK you can still manually install addons, it's just the integration that's gone, though I'm not 100% sure. Same with their notification push service (which is apparently closed source?[0]), which wouldn't be as much of an issue if there were proper docs on how to stand up your own instance of that.
IIRC they also display a banner on the login screen to all users advertising the enterprise license, and start emailing enterprise ads to all admin users.
Their "fair use policy"[1] also includes some "and more" wording.
This may come as a surprise to you, but there are organizations, for example German municipalities, that have more than 500 users but can't afford to start pumping tens or hundreds of thousands per year into a file sharing service. Nextcloud themselves recognize this and offer 95%+ discounts to edu, similar to what Adobe, Microsoft, and Git[Hub,Lab] are doing.
There is no way it’s going to be completely rewritten from scratch in Go, and none of whatever Germany is or isn’t doing affects that in any way shape or form.
Actually, it's already been done by the former Nextcloud fork/predecessor. OwnCloud shared a big percentage of the Nextcloud codebase, but they decided to rewrite everything under the name OCIS (OwnCloud Infinite Scale) a couple of years ago. Recently, OwnCloud got acquired by Kiteworks and it seemed like they got in a fight with most of the staff. So big parts of the team left to start "OpenCloud", which is a fork of OCIS and is now a great competitor to Nextcloud. It's much more stable and uses less resources, but it also does a lot less than Nextcloud (namely only File sharing so far. No Apps, no Groupware.)
Thanks for sharing this, I've been wanting to look at private cloud stuff but it was all written in PHP. It looks like OpenCloud is majority Go with some php and gherkin, which is a step in the right direction.
I have OpenCloud working on my home server, and it features integration with the Collabora suite of software for office apps. Draw.io is also already supported.
They offer a Docker compose file that sets up Collabora for you, but I can't find anything info on other apps, let alone integration. Where can I see what they support?
You're right, it was my mistake. The docker compose file can set up Collabora for you and allows you to open documents from inside OpenCloud by opening the file in an embedded Collabora view. Likewise, Draw.io works in a similar fashion, opening a view to embed.diagrams.net. Underneath it's just hosting the files and offloads the operations to other apps. It's convenient, but not particularly sophisticated.
There are no "Apps". It's not a universal App platform like Nextcloud. It's just file sharing (and optionally a Radicale calender server via Environment Variable but without UI). There's optional plugins to open vendor specific files right in the browser.
OCIS does only a small part of why people deploy NextCloud. I have run it, it’s great, but it’s not a replacement for the full suite nor is it trying to be.
It makes perfect sense to me that nextcloud is a good fit for a small company.
My biggest gripe with having used it for far longer than I should have was always that it expected far too much maintenance (4 month release cadence) to make sense for individual use.
Doing that kind of regular upkeep on a tool meant for a whole team of people is a far more reasonable cost-benefit analysis. Especially since it only needs one technically savvy person working behind the scenes, and is very intuitive and familiar on its front-end. Making for great savings overall.
I think what you described is basically ownCloud Infinite Scale (ocis). I haven't tested it myself but it's something I've been considering. I run normal owncloud right now over nextcloud as it avoided a few hiccups that I had.
The article starts with Murena, Punkt, Volla which are all based on Android. If you do this, then imho you must mention GrapheneOS, the by far better option (updates, privacy, security, organisation).
Google Pixel with GrapheneOS is the best non-Google phone... ;-)