Thoughts and updates

Dear all,

It has been a while since we posted anything on what is really going on, so here is an update of the current on-goings.

Let us first talk a bit more in general on the current situation at OpenProducts. As you most likely know OpenProducts is currently a two man show. It is me, PA, and Tor that run OpenProducts. We do this because we firmly believe there should be alternatives to providing all your personal data to an external entity, and also because we love developing cool and interesting products we want for our selfs. However the current situation does not allow us to do this full time, OPI simply does not provide the revenue needed for this.

Since we still need food on the table that requires us to do work elsewhere and since both of us have done freelancing in embedded software and hardware for the better part of the last 15 years we do this to keep us and OpenProducts afloat. We do consulting on and off and sometimes both of us have external assignments, sometimes one of us do it while the other works solely with the thing we really care about, working on our own products and projects.

Our long time goal is of course to be able to focus 100% on internal development and make OPI and its successors the creation we really want it to be. We can assure you that there is no lack of ambition or ideas on what to do. But in the mean time we have limited resources, i.e. hours, that we can spend on internal development.

But let us get back to what is currently going on with our internal development.

We have now completed the move of our servers. This included our physical backup servers moving from Sjรถbo/Ystad to Landskrona/Lund. Any data that is sent to our backup servers is still in Sweden and still all data is encrypted locally on OPI using a key derived from your master password before sent to our servers. We have also moved our DNS servers so there has been quite a lot to do in order to migrate this fully. Besides some tuning for the backup service, it seems to have worked well.

We are also working on a major software update. We know that we have hinted on this earlier, especially an update of the Owncloud application that is long overdue which we are painfully aware of. The delay is actually partly due to this upgrade. It turned out that the newer versions of Owncloud split up essential components and demoted the calendar and contacts applications to a “not stable” status. This complicated our upgrade path significantly.

In the light of this we actually decided to turn this into a major upgrade and do a complete overhaul of the software stack.ย  The new software version will include among other features:

  • Updated distribution to be based on Ubuntu 16.04 LTS
  • Updated web applications such as:
    • Upgrading to Owncloud 9 or possibly Nextcloud 11
    • Upgrading Roundcube to 1.2
  • New certificate options
    • Default we will move to Let’s Encrypt. This means that you will now get a green location bar and no questions and warnings about using a potentially dangerous certificate in the browser
    • Added option to supply a custom certificate to be used by the web server

Our goal is to be able to release this early this spring, hopefully with some other surprise options as well!

Finally we have also started to look at a new hardware platform! Main focus on this is to replace OPI with an enhanced successor. ย  We would loveย  to hear from you what would be your top priorities for that! More storage, external drives, integration with X,Y, and Z? All inputs are welcome.

/PA & Tor

pa
About

Founder of OpenProducts

Posted in Uncategorized
10 comments on “Thoughts and updates
  1. Kim says:

    Hi guys,

    Thank you – thank you – thank you!!!

    I was beginning to ‘sweat’ a bit to be honest but had (have still;-) high hopes in you guys and offcourse sympathy for your financial woes when it comes to the OPI-project….

    Btw, I really hope for NextCloud instead of a slowly ‘dying’ OwnCloud-platform… and i dont really care for calendars and the like – only stable, secure storage+email! But i realize others might have other needs…

    The second you release a stronger cpu/platform for running your future OPI-version im so onboard! (RAM + raw CPU for a more responsive system would be wonderful)
    Also some more ‘security’-related features onboard/builtin to the system without having to mingle with terminal and potentially fu the thing… (fail2ban etc etc)

    Just wished you kept us more in the loop in general…

    Also wish for a more active userbase/forum but i suspect that somehow goes hand in hand with my previous comment;-)

    An OPI-specific WiKi solution/help for the less linux-proficient would also be highly welcomed….

    Looking VERY much forward to what you guys do come up with in spring (or/and anything else before that;-)

    Ok- this turned out longer and messier than anticipated – bear with me – and a Happy New Year and best for the future!

    Best
    Kim

  2. pa pa says:

    It is always great to hear from you!

    I totally agree, we should be more active here, and try to encourage the userbase to take part, but it is too easy to just get caught up with spending the available time on development..

    /PA

  3. trstone says:

    PA and Tor,

    Thank you for all your efforts on this project. I use opi everyday.

    Now for some feedback .. below is my two cents ๐Ÿ™‚

    you say “we firmly believe there should be alternatives to providing all your personal data to an external entity, and also because we love developing cool and interesting products we want for our selfs.”

    I suppose my question is how much do you care about personal privacy and security (what level)? or is this just an interesting project? Please understand that this question is not to offend anyone. I’m asking because I am fixing to make some changes and I want to know if I should keep my wagon attached to your’s ๐Ÿ™‚ What prompted this line of questioning is when I found out that your servers are located in Sweden. Are you aware that Sweden is one of the “fourteen eyes” countries. If you don’t know what that is .. please use a search engine like startpage.com (startpage dot com in case the forum automatically removes website links) to find out.

    While your searching. you may want to check into Iceland for privacy and security. Many privacy consultants that I’ve researched speaks volumes about this country. Also, specific websites like https://www.orangewebsite.com (orangewebsite dot com in case the forum automatically removes website links). Notice I didn’t put an affiliate link (because my concern is privacy and security of my data .. not nickel and dime-ing you). Read an article a while back about where your data is physically stored (disk in a server) determines the jurisdiction over it. It would be better to use .is instead of .com too (again just my two cents worth). Anyway, I know the data is encrypted. I also know that encrypted data gets leaked (accident or not) all the time. I would just feel safer with my data going through a country that I know will fight for my privacy (like Iceland) and won’t share any of my data unless an Iceland court deems it is necessary (read on orangewebsite – this doesn’t happen). A true safe haven for journalist and whistle blowers due to the way they handle privacy. They aren’t perfect but I do think they have this one right ๐Ÿ™‚ By the way, I’m willing to pay to assist. I will continue to put my money behind you provided you are serious about privacy and security!

    Things I’d like to see in the next iteration of opi:

    a new enhanced hardware platform would be truly welcome.

    more storage options:
    external storage (nextcloud has a feature for this)
    is smb storage an option? if so, sign me up

    nextcloud instead of owncloud

    calendar (of course)

    email (of course)

    video chat (nextcloud has a app for this)

    add tagspaces – https://www.tagspaces.org/ (tagspaces dot org in case the forum automatically removes website links) This and amazing app that truly enhances a personal cloud experience. I have the pro version and love it. It has a free version. Anyone could easily upgrade if they choose. Please consider placing the free version within opi ๐Ÿ™‚

    ability to donate to you. (don’t forget to add bitcoin and other cryptocurrencies as an option ๐Ÿ™‚ )

    thank you for your time and have a great day.
    trstone

    • pa pa says:

      Thanks for an interesting post trstone,

      To what level do we care about privacy and security is a very difficult question to answer. We care so much that we spend as much time we can, developing systems that can help do this and investing both time and money to do it. But it is hard to define “how much”. We do not totally let it dictate our lives, but we try not to use services that track you more than we have to, both in personal use and professional.

      For instance, we do collect statistics on our website, but we do that using piwik running on our own servers, not Google analytics. We try to run OpenProducts the best we can with privacy and security in mind at all times. It is however not always feasible. I run an Android phone for convenience, and that pretty much messes up my personal privacy even if I share as little with Google as possible. But right now I do not have the time and energy to run something else. I am rather spending time on OpenProducts.

      And unfortunatley, we do not have time to be totally up to date with all jurisdiction, but I think that you are right that the law that is applied to the server that holds the data is where is is physically located, thus Swedish law in our case.

      Then, when it comes to Sweden being part of the “fourteen eyes” countries, that is true. But I do not think that this matters very much, a lot of data traffic goes through these countries no matter what you do, thus these eyes are on you anyway. Unless you happen to live on Iceland… We took the decision that it is better for us to have the servers close by, in a country that we at least have some knowledge of the law.

      Further more regarding backups, we are also working on more options on how to utilize that. This should give you, the end user, an easy way to do secure backups on more backends than todays somewhat limited selection.

      I hope that this explains a bit about our situation and that you still want to keep your wagon attached to ours. ๐Ÿ™‚

      We appreciate the input both on the situation and on input for the coming product!

      • Rodney says:

        Personally made the switch to Nextcloud Box about 3 months ago. It was a Snap (pun intended) to setup. I wonder does it make any sense to try and produce hardware to compete ? Is it really a good idea to backup all your data on a server not under your own control? Also looking for any way to re purpose my old OPI any ideas?

  4. R says:

    Thanks for the update PA.

    I use my OPI for secure storage of contacts and documents. It is really the only solution that I trust at the moment. Ideally, I want to put larger files, and access them faster (opening that InstantUpload folder with mobile phone images takes forever!). I’ve been looking for some NAS solution, but never taken the leap because they cannot offer me a full system encrypted solution. It is still the case of only encrypting certain folders, which is not enough for (paranoid) me. So for me, the next-gen OPI can very well be a NAS-like device, with more CPU, possibility to attach multiple external drives, raid, and so on. But security is foremost and your unique selling point!

    Kindest regards from a west-Scanian user!

  5. STRIKER says:

    I’m maybe not the best one to comment as i just purchased my OPI and haven’t received it yet. I’d definitely buy a newer version if/when available as it seems everyone is having a good, secure experience.

    I’m with R on this one, more CPU, the ability to attach multiple external drives in usb-c with the possibility of a raid setup would be stellar. Security is definitely the primary concern as is redundancies/local back up abilities. VPN functionality would be a great addition too. Contacts/Calendar are vital, please don’t drop that.

  6. Richard says:

    I have been using the opi for calendar and contacts (mostly) since it came out, but I have getting a little concerned about the age of the opi’s underlying owncloud software. Especially since nextcloud did its security probe a few months ago

    Security is my primary concern, so NextCloud would seem to be the better upgrade option. Calendar, contacts and files are important. I don’t use the email funtionality. Have you considered a creating a secure rasperry pi (or similar) distribution with updates and ssl and backups as a service, rather than build your own hardware?

    • pa pa says:

      Offering our software as some kind of “service” has been up, but it is fun to actually build stuff as well…
      And most other stuff is in my opinion ugly…

      /PA

  7. Jason Grimard says:

    I love my opi, I would like some more storage capabilities. I know have 3+ people using my opi and the sd card might be getting a little full. I would like Nas space for storage, Calender, more email features like email blocking. A better way to view and manage photos uploaded to the opi.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

Blue Captcha Image
Refresh

*