Posted almost 12 years ago by grote
It is a common prejudice that Free Software is not properly documented. Although this has never been true for Kolab, it is still a very complex system and it is almost impossible to document all scenarios it can be used in.
Our current documentation at docs.kolab.org is quite extensive, but it still lacks information in some areas. It uses DocBook and Publican which proved too difficult to maintain for us. Many people who wanted to help with documentation eventually gave up because it was too complicated and they couldn't get it to compile.
That is why we decided to change our documentation technology and start fresh with something new. We are now using Sphinx which allows us to write in a simple Markdown-like language. Our lead developer Jeroen spent quite some time to create new documentation using Sphinx and has made amazing progress.
At the moment, the result is still sitting in his webspace and ready for you to check out, but the goal is to ultimately replace the current contents of docs.kolab.org. Please note that this is still a work in progress, but already contains more content and more verbiage than the old documentation.
For the purpose of contributing easily, Jeroen has also pushed the git repository he used for the documentation to GitHub. Please feel free to clone it, write some piece of documentation, or tweak the language, and start issuing pull requests.
We are also awaiting the awesome software GitLab to be available for Fedora, so that we can rebuild and install it on our servers supplemental to git.kolab.org and move collaboration there.
|
Posted almost 12 years ago by vanmeeuwen
Dear community,
Here is a short story of why Kolab 3.1 is still in alpha stage.
About a month ago, we hooked up a couple of thousand users to Kolab 3.1 - you may have heard,
We realized that we spent too much time on packaging for a variety of distributions, and still we didn't get it all up to par, so we need to change things around and see what we can do about it (which is causing delays in beta and stable releases),
We (read: I) realized it's rather difficult to contribute to a set of documentation written in Publican-assisted DocBook, that as it turned out, not even I myself could sensibly maintain.
These are changes you implement when a new release is issued, and not mid-release as a surprise to everyone. That said, we also decided we could not wait another 6 months for these changes to be implemented. I'm sorry for all of you waiting in anticipation, but rest assured we're on top of it (Kolab 3.1 that is), and it is actually rather stable (despite its current alpha label).
|
Posted almost 12 years ago by grote
Some time ago, Kolab community member Milosz Galazka wrote several pieces about integrating Dokuwiki, Tiny Tiny RSS and Piwik into the Kolab webclient.
His code is now on GitHub, so you can easily follow the ongoing development, use the code yourself or even contribute to it. Here are the repositories:
https://github.com/milosz/kolab-octo-iframe
https://github.com/milosz/kolab-octo-dokuwiki
https://github.com/milosz/kolab-octo-tiny-tiny-rss
https://github.com/milosz/kolab-octo-owncloud
|
Posted almost 12 years ago by Mischa Beitz
I installed Kolab3 on a fresh Ubuntu 12.04 LTS box this morning. It was a bit more than simply running an apt-get, so I thought I'd document the basic process I used. Most of this is documented around the web in various places, but I didn't find a single resource with the process.
Remember to do all your work as root or privileged user ;)
Download the quantal copy of smarty3 (you'll need it for the kolab-webadmin package). You can find it here (http://packages.ubuntu.com/quantal/smarty3).
configure apt
vi /etc/apt/preferences.d/kolab3.pref
kolab3.pref:
Package: *
Pin: origin mirror.kolabsys.com
Pin-Priority: 501
this ensures the kolab sources get priority.
vi /etc/apt/sources.list.d/kolab3.list
kolab3.list:
deb http://mirror.kolabsys.com/pub/ubuntu/kolab-3.0/ precise development
deb-src http://mirror.kolabsys.com/pub/ubuntu/kolab-3.0/ precise development
# Adding wheezy mirror for libmozldap and mozldap-tools; comment out after installing 'em
deb http://mirror.kolabsys.com/pub/debian/kolab-3.0/ wheezy development
this adds the kolab package sources. Now we can update apt:
apt-get update
install dependencies:
php packages are needed for the smarty3 install, moz ldap packages are from wheezy sources (which we'll remove before kolab install).
apt-get install php5 php5-common php5-cgi php5-cli mozldap-tools libmozldap-0d
dpkg -i /home/<user>/smarty3_3.1.10-2_all.deb
(this is the quantal .deb package for smarty3 that you should've downloaded already)
now that the wheezy dependencies are satisfied, we need to remove the sources or we'll create conflicts later on.
vi /etc/apt/sources.list.d/kolab3.list
kolab3.list:
deb http://mirror.kolabsys.com/pub/ubuntu/kolab-3.0/ precise development
deb-src http://mirror.kolabsys.com/pub/ubuntu/kolab-3.0/ precise development
# Adding wheezy mirror for libmozldap and mozldap-tools; comment out after installing 'em
# deb http://mirror.kolabsys.com/pub/debian/kolab-3.0/ wheezy development
Update apt again (this time without the wheezy sources)
apt-get update
Additional preparations
Add a couple more packages without the wheezy sources (cyrus-imapd we install so we can create some sym links before kolab install and python-dateutil is required by wallace - but not part of kolab install, go figure, it's a development package)
apt-get install cyrus-imapd python-dateutil
Create some symbolic links for cyrus imapd (ubuntu uses 'cyrus' where kolab uses 'imap' in the directory structure; my hack to simply link them. Not pretty, but works)
ln -s /var/lib/cyrus /var/lib/imap
ln -s /var/spool/cyrus /var/spool/imap
ln -s /usr/lib/cyrus /usr/lib/imap
NOW we can install kolab!
apt-get install kolab
Do the recommended manual configs
You may have noticed some errors concerning kolabformat, etc. We just have to do these bits manually.
rm /var/lib/dpkg/info/php-kolabformat.postinst /var/lib/dpkg/info/php-kolabformat.postrm /var/lib/dpkg/info/php-kolab.postrm /var/lib/dpkg/info/php-kolab.postinst
ln -s /usr/share/php5/kolab/kolabformat.ini /etc/php5/conf.d/
ln -s /usr/share/php5/kolab/kolab.ini /etc/php5/conf.d/
Now we can install the kolab-webadmin package
apt-get install kolab-webadmin
Run the setup
setup-kolab
Finally, some post setup configuration
We need to add some users to groups:
vi /etc/group
group (changes to ssl-cert and mail):
# cyrus goes in ssl-cert group
ssl-cert:x:xxx:cyrus
# postfix goes in mail group
mail:x:xxx:postfix
Use the Ubuntu snakeoil cert/key:
vi /etc/imapd.conf
imapd.conf (changes):
tls_cert_file: /etc/ssl/certs/ssl-cert-snakeoil.pem
tls_key_file: /etc/ssl/private/ssl-cert-snakeoil.key
tls_ca_file: /etc/ssl/certs/ssl-cert-snakeoil.pem
Make sure ptloader has a place to put its socket:
mkdir /var/lib/imap/ptclient
chown cyrus:mail /var/lib/imap/ptclient
restart the email services:
service cyrus-imapd restart
(WHEW)
BlogTags:
IT &Tech
Kolab
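The checks below are an added example, not part of the original post: a read-only shell audit of the files the walkthrough above edits. It reports apt entries whose host differs from the pinned origin, a wheezy source left active, missing group memberships, and imapd TLS settings that point at the self-signed snakeoil pair. The function names, GIDs, the `mirror.example.invalid` host and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Read-only audit of the files edited in the walkthrough above.
# Function names and FINDING strings are this example's own (hypothetical).

# pinned_origin PREF_FILE: print the host on the "Pin: origin" line.
pinned_origin() {
    awk '$1 == "Pin:" && $2 == "origin" { print $3; exit }' "$1"
}

# check_sources LIST_FILE PREF_FILE
# Flags active deb/deb-src entries whose host is not the pinned origin
# (a mistyped mirror is neither pinned nor the host you meant to trust)
# and a wheezy entry that was not commented out again.
check_sources() {
    origin=$(pinned_origin "$2")
    rc=0
    while read -r kind url suite _rest || [ -n "$kind" ]; do
        case $kind in
            deb|deb-src) ;;
            *) continue ;;      # comments and blank lines
        esac
        host=${url#*://}
        host=${host%%/*}
        if [ "$host" != "$origin" ]; then
            echo "FINDING: $kind host '$host' is not the pinned origin '$origin'"
            rc=1
        fi
        if [ "$suite" = "wheezy" ]; then
            echo "FINDING: wheezy source still active: $url"
            rc=1
        fi
    done < "$1"
    return $rc
}

# check_group GROUP_FILE GROUP USER: is USER in GROUP's member list?
check_group() {
    members=$(awk -F: -v g="$2" '$1 == g { print $4; exit }' "$1")
    case ",$members," in
        *,"$3",*) return 0 ;;
    esac
    echo "FINDING: user '$3' is not a member of group '$2'"
    return 1
}

# check_imapd_tls IMAPD_CONF
# The snakeoil pair is the self-signed certificate Ubuntu's ssl-cert package
# generates locally; mail clients cannot validate it against a CA.
check_imapd_tls() {
    rc=0
    for key in tls_cert_file tls_key_file tls_ca_file; do
        val=$(awk -F': *' -v k="$key" '$1 == k { print $2; exit }' "$1")
        case $val in
            *ssl-cert-snakeoil*)
                echo "FINDING: $key points at the self-signed snakeoil pair: $val"
                rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample files modelled on the listings in the post.
demo() {
    d=$(mktemp -d)
    printf 'Package: *\nPin: origin mirror.kolabsys.com\nPin-Priority: 501\n' > "$d/kolab3.pref"
    cat > "$d/kolab3.list" <<'EOF'
deb http://mirror.example.invalid/pub/ubuntu/kolab-3.0/ precise development
deb-src http://mirror.kolabsys.com/pub/ubuntu/kolab-3.0/ precise development
deb http://mirror.kolabsys.com/pub/debian/kolab-3.0/ wheezy development
EOF
    printf 'ssl-cert:x:110:cyrus\nmail:x:8:\n' > "$d/group"
    cat > "$d/imapd.conf" <<'EOF'
tls_cert_file: /etc/ssl/certs/ssl-cert-snakeoil.pem
tls_key_file: /etc/ssl/private/ssl-cert-snakeoil.key
tls_ca_file: /etc/ssl/certs/ssl-cert-snakeoil.pem
EOF
    check_sources "$d/kolab3.list" "$d/kolab3.pref" || true
    check_group "$d/group" ssl-cert cyrus || true
    check_group "$d/group" mail postfix || true
    check_imapd_tls "$d/imapd.conf" || true
    rm -rf "$d"
}
demo
```

On a real host the same functions take `/etc/apt/sources.list.d/kolab3.list`, `/etc/apt/preferences.d/kolab3.pref`, `/etc/group` and `/etc/imapd.conf` as arguments.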
|
Posted almost 12 years ago by greve
Today is a sad day for the world of Information Technology and the cause of software freedom. PJ just announced she’ll be shutting down Groklaw.
It’s hard to overestimate the role that Groklaw has played in the past years. Many of us, myself included, have worked with Groklaw over the years. I still take pride that my article about the dangers of OOXML for Free Software and Open Standards might have been the first of many calls to arms on this topic. Or how Groklaw followed the Microsoft antitrust case that FSFE fought for and with the Samba team, and won for all of software freedom. Groklaw was essential in helping us counter some of the Microsoft spin-doctoring. Or the Sean Daly interview with Volker Lendecke, Jeremy Allison, Carlo Piana and myself for Groklaw after the landslide victory against Microsoft in court.
I remember very well how giddy I still was during the interview for having realized that Microsoft would not be able to take down FSFE, because that would have been the consequence had they gotten their way. We bet our life’s work at the time. And won. The relief was incredible.
So there is a good deal of personal sadness to hear about this, as well as a general concern which Paul Adams just summarized rather well on the #kolab IRC channel:
the world of IT is just that little bit less safe without groklaw
And it’s true. Groklaw has been the most important platform to counter corporate spin doctoring, has practiced an important form of whistleblowing long before Wikileaks, and has been giving alternative and background perspective on some of the most important things going on inside and outside the media limelight. Without Groklaw, all of us will lack that essential information.
So firstly, I’d like to thank PJ for all the hard years of work on Groklaw. Never having had the pleasure of meeting her in real life, I still feel that I know her from the conversations we had over email over so many years. And I know how she got weary of the pressure, the death threats and the attempts at intimidating her into silence. Thank you for putting up with it for so long, and for doing what you felt was right and necessary despite the personal cost to yourself! The world needs more people like you.
But with email having been the only channel of communication she was comfortable using for reasons of personal safety, when Edward Snowden revealed the PRISM program, when Lavabit and Silent Circle shut down, when the boyfriends of journalists get detained at Heathrow, she apparently drew the conclusion this was no longer good enough to protect her own safety and the safety of the people she was in communication with.
That she chose MyKolab.com as the service to confide in with her remaining communication lines at least to me confirms that we did the right thing when we launched MyKolab.com and also that we did the right thing in the way we did it. But it cannot mitigate the feeling of loss for seeing Groklaw fall victim to the totalitarian tendencies our societies are exhibiting and apparently willingly embracing over the past years.
While we’re happy to provide a privacy asylum in a safe legislation, society should not need them. Privacy should be the default, not the exception.
|
Posted almost 12 years ago by greve
When Edward Snowden leaked intelligence files, a storm was triggered in the cloud, leaving a path of destruction. Snowden’s email provider Lavabit shut down. So has the email offering of Silent Circle. The Guardian ran a story declaring: Lavabit’s closure marks the death of secure cloud computing in the U.S. And the EU is not entirely unaffected either. Be it by the Tempora program in the UK or the U.S. National Security Agency facilities that reportedly reside in Germany.
|
Posted almost 12 years ago by greve
In January this year we started the MyKolab beta phase and last week we finally moved it to its production environment, just in time for the Swiss national day. This seemed oddly fitting since the Swiss national day celebrates its independence and self-determination, as they were liberating themselves from the feudal system. So when Bruce Schneier wrote about how the Internet right now resembles a feudal system, it was too tempting an opportunity to miss. And of course PRISM and Tempora played their part in the timing, as well, although we obviously had no idea this leak was coming when we started the beta in January.
Anyhow. So now MyKolab.com has its new home.
Step 1: Hardware & Legislation
It should be highlighted that we actually run this on our own hardware, in a trustworthy, secure data centre, in a rack which we physically control. Because that is where security starts, really. Also, we run this in Switzerland, with a Swiss company, and for a reason. Most people do not seem to realize the level of protection data enjoys in Switzerland. We tried to explain it in the FAQ, and the privacy information. But it seems that too many people still don’t get it.
Put frankly, in these matters, legislation trumps technology and even cryptography.
Because when push comes to shove, people would rather not go to jail. So no matter what snake oil someone may be trying to sell you about your data being secure because “it is encrypted on our server with your passphrase, so even we don’t have access” – choice of country and legislation trumps it all.
As long as server-side cryptography is involved a provider can of course access your data even when it is encrypted. Especially when the secret is as simple as your password which all your devices submit to the server every time you check mail. Better yet, when you have push activated, your devices even keep the connection open. And if the provider happens to be subject to a requirement to cooperate and hand over your data, of course they will. Quite often they don’t even necessarily know that this is going on if they do not control the physical machines.
XKCD 538: Security
So whenever someone tries to serve you that kind of snake oil, you should avoid that service at all cost, because you do not know which lies you are not catching them in the act with. And yes, it is a true example, unfortunately. The romantic picture of the internet as a third place above nation states has never had much evidence on its side. Whoever was harbouring these notions and missed XKCD’s take on the matter should definitely have received their wakeup call by Lavabit and Silent Circle.
The reality of the matter is:
There is no digital security without physical security, and
Country and applicable legislation always win.
Step 2: Terms of Service & Pricing
So legislation, hardware. What else? Terms of Service come to mind. Too often they are deliberately written to obfuscate or frankly turn you into the product. Because writing software, buying hardware, physical security, maintaining systems, staffing help desks, electricity: All these things cost money. If you do not pay for it, make sure you know who does. Because otherwise it’s like this old poker adage: If you cannot tell who is the weakest player at the table, it’s you. Likewise for any on-line service: if you cannot tell who is paying for this, it’s probably you.
Sometimes this may just be in ways you did not expect, or may not have been aware of. So while most people only look for the lowest price, the question you actually should be asking yourself is: Am I paying enough for this service that I think it can be profitable even when it does everything right and pays all its employees fairly even if they have families and perhaps even mortgages?
The alternatives are services that are run by enthusiasts for the common good, or subsidized by third parties – sometimes for marketing purposes. If it is run by an enthusiast, the question is how long they can afford to run this service well, and what will happen if their priorities or interests change. Plus few enthusiasts are willing to dish out the kind of cash that comes with a physically controlled, secure system in a data centre. So more often than not, this is either a box in someone’s basement where pretty much anyone has access while they go out for a pizza or cinema, or – at least as problematic – a cheap VM at some provider with unknown physical, legislative and technical security.
If it is a subsidized service, it’s worse. Just like subsidies on food in Europe destroy the farming economy in Africa, making almost a whole continent dependent on charity, subsidized services cannibalize those that are run for professional interest.
In this case that means they damage the professional development community around Open Source, leading to less Free Software being developed. Why is that? Because such subsidized services typically do not bother with contributing upstream – which is a pure cost factor and this is already charity, so no-one feels there is a problem not to support the upstream – and they are destroying the value proposition of those services that contribute upstream. So the developers of the upstream technologies need to find other ways to support their work on Open Source, which typically means they get to spend less time on Free Software development.
This is the well-meaning counterpart to providers who simply take the software, do not bother to contribute upstream, but use it to provide a commercial service that near-automatically comes in below the price if you were to price it sustainably by factoring in the upstream contribution and ongoing development. The road to hell and all that.
None of this is anything we wanted to contribute to with MyKolab.com.
So we made sure to write Terms of Service that were as good, honest and clear as we could make them, discussed them with the people behind the important Terms of Service; Didn’t Read project, and even link to that project from our own Terms of Service so people have a fair chance to compare them without being lawyers or even reading them.
Step 3: Contributing to the Commons
Roundcube++ - The Kolab Web Client
We also were careful to not choose a pricing point that would cannibalize anything but proprietary software. Because we pay the developers. All of whom write Open Source exclusively. This has made sure that we have been the largest main contributor to the Roundcube web mailer by some margin, for instance. In doing so, we deliberately made sure to keep the project independent and did not interfere with its internal management. Feel free to read the account of Thomas Brüderli on that front.
So while hundreds of thousands of sites use Roundcube world wide, and it is popular with millions of users, only a handful of companies bother to contribute to its development, and none as much as Kolab Systems AG, which is the largest contributor by orders of magnitude. Don’t get me wrong. That’s all fine. We are happy about everyone who makes use of the software we develop, and we firmly believe there is a greater good achieved through Free Software.
But the economics are nonetheless the same: The developers working on Roundcube have lives, families even, monthly bills to pay, and we pay them every month to continue working on the technology for everyone’s good. Within our company group, similar things can probably be said for more than 60 people. And of course there are other parts of our stack that we do not contribute as much to, in some cases we are primarily the beneficiary of others doing the same.
It’s a give and take among companies who operate in this way that works extremely well. But there are some who almost never contribute. And if, as a customer, you choose them over those that are part of the developer community, you are choosing to have less Open Source Software developed.
So looking at contribution to Free Software as one essential criterion for whether the company you are about to choose is acting sustainably or trying to work towards a tragedy of the commons is something I would certainly suggest you do.
This now brings us to an almost complete list of items you want to check
Physical control, including hardware
Legal control, choice of applicable legislation
Terms of Service that are honest and fair
Contribution to Open Source / Free Software
and you want to make sure you pay enough for all of these to meet the criteria you expect.
Bringing it all together
On all these counts simultaneously, we made sure to put MyKolab.com into the top 10%. Perhaps even the top 5%, because we develop, maintain and publish the entire stack, as a solution, fully Open Source and more radically Open Standards based than any other solution in this area. So in fact you never need to rely upon MyKolab.com continuing to provide the service you want.
You can always continue to use the exact same solution, on your own server, in your own hands.
That is a claim that is unique, as far as I am aware. And you know that whatever you pay for the service never contributes to the development of proprietary software, but contributes to the state of the art in Free Software, available for everyone to take control of their own computing needs, as well as also improving the service itself.
For me, it’s this part that truly makes MyKolab.com special. Because if you ever need to break out of MyKolab.com, your path to self-reliance and control is already built into the system, delivered with and supported by the service itself: It’s called Kolab.
|
Posted almost 12 years ago by greve
Following the disclosures about details on how the United States and other countries are monitoring the world there has been a global discussion about this subject that’s been long overdue. In previous articles I tried to put together what actually has been proven thus far, what that means for society, and what are the implications for businesses around the world.
Now I’d like to take a look at governments. Firstly, of course governments have a functional aspect not entirely unlike business, and of course governments should be conscious about the society and values they promote. Purely on these grounds it would likely be possible to say quite a few things about the post PRISM society.
Secondly, there is of course also the question to which extent governments have known about this previously and may even have colluded with what has been going on – in some cases possibly without democratic support for doing so. It has been pointed out by quite a few journalists that “I had no idea” amounts to saying you have not been following technical progress since the typewriter was invented, and there is some truth to that. Although typewriters have also been known to be bugged, of course.
In fact when spending so much time at the United Nations, one of the typical sights would be a diplomat talking on their mobile phone while covering their mouth with one hand in order to ward off the possibility of lip readers. So there is clearly an understanding that trying to know more about anyone you may have common or opposing interests with will give you an advantage, and that everyone is trying to gain that advantage to the best of their ability.
What I think is really at play here are two different things: Having been blind-sided by the actual threat, and having been found naïve.
Defending against bunnies, turning your back on lions
Smart politicians will now have understood their threat model has been totally off. It’s much easier to intercept that mobile phone call (and get both sides of the conversation) than it is to learn to lip read, guarantee to speak the same language and try and make sure you have line of sight. In other words: They were spending lots of effort protecting the wrong things while ignoring the right things. So there is no way for them to know how vulnerable they have been, what damage arose from that, and what will follow from that for their future work.
So intelligent people should now be very worried, indeed. Because either they did not know better, or perhaps even let a sense of herd safety drag them along into behaviour that has compromised their professional integrity in so far as it may have exposed their internal thoughts to people they did not want to share them with. If you’ve ever seen how international treaties are being negotiated it does not take a whole lot of fantasy to imagine how this might be a problem. Given the levels of secrecy and apparent lack of supervision if highest level politicians truly had no idea, there is also a major concern about possible abuse of the system to influence the political balance within a country by those in government.
Politicians are also romantic
The other part of the surprise seems to stem from a certain romantic notion of friendship among nations harboured by many politicians and deliberately nurtured by nations that do not share such romantic perspectives, most importantly in this context the United States.
The allies of the United States, in particular also the European Union know that the US has these capabilities and is not afraid to use them to gain an advantage for the home team. But for some reason they thought they were part of that home team because the United States have been telling them they’re best friends forever. It does not lack a certain irony that Germany fell for this, not realizing that the United States are following their default approach abroad, which is commonly referred to as Realpolitik in the US.
So when European politicians suddenly realize that it may be problematic to negotiate free trade agreements with someone who is reading your internal briefings and mails and is listening to your phone calls, it is not so much out of a shock that the US is doing this in general. They know the US is not shy to use force at any level to obtain results. It’s about the fact they’re using these methods universally, no matter who you are. That they were willing to do so against Switzerland, a country in the heart of Europe, should have demonstrated that aptly. Only that in this particular case, EU politicians were hoping to ride on the coat-tails of the US cavalry.
International Organizations
Of course that surprise also betrays the level of collaboration that has been present for a long time. The reason they thought they were part of the home team is that in some cases, they were. So when they were the benefactors of this system as they worked side by side with the United States at the Intergovernmental Organizations to put in place the global power structures that rule the world, this sort of advantage might have seemed very handy and very welcome. Not too many questions were asked, I presume.
But if you’re one of the countries in transition, a country from the developing world, or simply a country that got on the wrong sides of the United States and their power block, you now have to wonder: How much worse are you off for having been pushed back in negotiation much further than if the “Northern” power block had not known all your internal assessments, plans and contingencies? And how can Intergovernmental Organizations truly function if all your communications with these organizations are unilaterally transparent to this power block?
It’s time to understand that imbalance, and address it. I know that several countries are aware of this, of course, and some of them are actively seeking ways to address that strategic disadvantage, since parts of our company group have been involved in that. But too many countries do not yet seem to have the appropriate measures in place, nor are they addressing it with sufficient resource and urgency, perhaps out of an underestimation of the analytic capabilities.
The PRISM leaks should have been the wakeup call for these countries. But I’d also expect them to raise their concerns at the Intergovernmental Organizations, asking the secretariats how the IT and communications strategy of these organizations adequately protects the mandate of the organizations, for they can only function if a certain minimum level of confidence can be placed into them and the integrity of their work flow.
Global Powerstructures
But on a more abstract level, all of this once more establishes a trend of the United States as the secret world government. Because it is for the US government to decide which countries to bless with access to that information, and whose information to access. Cooperate and be rewarded. Be defiant and be punished. For example by ensuring your national business champion does not get that deal since we might just employ our information to ensure our competing US business will. This establishes a gravitation towards pleasing the interests of the United States that I find problematic. As I would find a similar imbalance towards any other nation.
But in this case it is the United States that has moved to “economic policy by spook” as a good friend recently called it. Although of course there may be other countries doing the same, as right now it seems more or less confirmed this is at least in part collusion at NATO level. Be that as it may, countries need to understand that their sovereignty and economic well-being is highly dependent upon the ability to protect your own information and that of your economy.
Which is why Brazil and India probably feel confirmed in their focus on strategic independence. With the high dependency of virtually any economic sector, Information Technology has become as fundamental as electricity, roads or water. Perhaps it is time to re-assess to which level governments want to ensure an independent, stable supply that holds up to the demands of their nation.
Estonia’s president recently suggested to establish European cloud providers; other areas of the world may want to pay close attention to this.
The Opportunity Exists, Does The Will?
Let’s say a nation wanted to address these issues. Imagine they had to engineer the entire stack of software. The prospects would be daunting.
Fortunately they don’t have to. Nothing runs your data centres and infrastructures better, and with higher security than Free Software does. Our community has been building these tools for a long time now, and they have the potential to serve as the big equalizer in the global IT power struggle. The UNCTAD Information Economy Reports provide some excellent fact based, neutral analysis of the impact of software freedom on economies around the world.
Countries stand to gain or lose a lot in this central question. Open Source may have been the answer all along, but PRISM highlighted the need is both real and urgent.
Any government should be able to answer the following question: What is your policy on a sovereign software supply and digital infrastructure?
If that question cannot be answered, it’s time to get to work. And soon.
All articles:
[ Part 1: Welcome to the Post-PRISM Society ] - The primer
[ Part 2: Totalitarian Clouds ] - The social implications
[ Part 3: No More Business Secrets] - The business impact
|
Posted almost 12 years ago by greve
After a primer on the realities of today’s world, and the totalitarian tendencies that follow from this environment and our behaviour in it, let’s take a look at what this means for professional use of information technology.
Firstly, it should be obvious that when you use the cloud services of a company, you have no secrets from that company other than the ones this company guarantees you to keep. That promise is good up to the level of guarantee that such a company can make due to the legal environment it is situated in and of course subject to the level of trust you can place into the people running and owning the company.
So when using Google Apps for your business, you have no secrets from Google. Same for Office 365 and Microsoft. iCloud and Apple. Also, these companies are known for having very good internal data analytics. Google for instance has been using algorithms to identify employees that are about to leave in order to make them a better offer to keep them on board. Naturally that same algorithm could be used to identify which of your better employees might be susceptible to being head hunted.
Of course no-one will ever know whether that actually took place or whether it contributed to your company losing that important employee to Google. But the simple truth is: In some ways, Google/Microsoft/Apple is likely to know a lot more about your business than you do yourself. That knowledge has value, and it may be tempting to turn that value into shareholder value for either of these businesses.
If you are a US business, or a small, local business elsewhere that may not be an issue.
But if you are into software, or have more than regional reach, it may become a major concern. Because thanks to what we now know about PRISM, your using these services means the US intelligence services also have real-time access to your business and its development. And since FISA explicitly empowers these services to make use of those capabilities for the general interests of the United States – including foreign policy and economic goals – the conclusion is simple: You might just be handing your internal business information to people who are champions for your competition.
Your only protection is your own lack of success. And you might be right, you might be too small for them to use too many resources, because while their input bandwidth is almost unlimited, their output bandwidth for acting upon it of course has limits. But that’s about it.
The US has a long tradition of putting their public services at the disposal of industry, trying to promote their “tax paying home team.” It’s a cultural misunderstanding to assume they would be pulling their punches just because you like to watch Hollywood movies and sympathise with the American Dream.
Which is why the US has been active to promote GM crops in Europe, or uphold the interests of their pharmaceutical industry. Is anyone at Roche reading this? No shareholder is concerned about this? To me it would seem like a good example of what risks are unwittingly taken when you let the CFO manage the IT strategy. Those two professions rarely mix, in my experience.
The United States is not the only nation in the world doing this, of course. Almost every nation has at least a small agency trying to support its own industry in building international business, and the German chancellor typically has a whole entourage of industry representatives when she’s visiting countries that are markets of interest. I guess it’s a tribute to their honesty that the United States made it explicit for its intelligence services to feed into this system in this way.
Several other countries are likely to do the same, but probably not as successfully or aggressively.
Old school on site IT as the solution?
Some people may now feel fairly smart they did not jump on the Public Cloud bandwagon. Only that not all of them are as secure as they think they are. Because we also learned that access to data is not only happening through the public clouds. Some software vendors, most importantly Microsoft, are also supplying the NSA with priority access to vulnerabilities in their software. Likely they will do their best to manage the pipe of disclosure and resolution in a way that there is always at least one way for the NSA to get into your locally installed system in an automated fashion that is currently not publicly known.
This would also explain the ongoing debate about the “NSA back door in Windows” which was always denied, but the denial could have been carefully concealing this alternative way of achieving the same effect. So running your local installation of Windows is likely a little better for your business secrets than using public cloud services by US businesses, but not as much as you might want to believe. But it’s not just Windows, of course, Lotus has been called out on the same practice a long time ago, and one may wonder whether the other software vendors avoided doing it, or simply avoided being caught.
Given the discussions among three-letter agencies about wanting that level of access into any software and service originating in the United States, and provided the evident lack of public disclosure in this area, a rather large question mark remains. So on-site IT is not necessarily the solution, unless it is done to certain standards. In all honesty, most installations probably do not meet those at the moment. And the cost associated with doing it properly may be considered excessive for your situation.
So it’s not as simple and not a black and white decision between “all on-site self-run” and “all in public cloud by US business”. There is a whole range of options in between that provide different advantages, disadvantages, costs and risks.
Weighing the risks
So whatever you do: There is always a risk analysis involved.
All businesses take risks based on educated guesses and sometimes even instinct. And they need to weigh cost against benefit. The perfect solution is rarely obtained, typically because it is excessively costly, so often businesses stick with “what works.” And their IT is no different in that regard.
It is a valid decision to say you’re not concerned about business secrets leaking, or consider the likely damage smaller than the risk of running a poorly secured IT under your own control either directly or through a third party. And the additional cost of running that kind of installation well does not seem justified in comparison to what you gain. So you go to a more trustworthy local provider that runs your installation on Open Source and Open Standards. Or you use the services of a large US public cloud vendor. It’s your call to make.
But I would argue this call should always be made consciously, in full knowledge of all risks and implications. And truth is that in too many cases people did not take this into account, it was more convenient to ignore and dismiss as unproven speculation. Only that it’s only speculation as long as it hasn’t been proven. So virtually any business right now should be re-evaluating its IT strategy to see what risks and benefits are associated with their current strategy, and whether another strategy might provide a more adequate approach.
And when that evaluation is done, I would suggest to look at the Total Cost of Operations (TCO). But not in an overly simplistic way, because most often the calculation is skewed in favour of proprietary lock-in. So always make sure to factor in cost of decommissioning the solution you are about to introduce. And the TCO isn’t everything.
IT is not just a cost, there is a benefit. All too often two alternatives are compared purely on the grounds of their cost. So more often than not the slightly cheaper solution will be chosen despite offering dramatically fewer benefits and a poor strategic outlook. And a year later you find out that it actually wasn’t cheaper, at all, because of hidden costs. And that you would have needed the benefits of the other solution. And that you’re in a strategic dead-end.
So I would always advocate to also take into account the benefits, both in things you require right now, and in things that you might be able to achieve in the future. For lack of a common terminology, let’s call this the Option Value Generated (OVG) for your business, both in gained productivity, as well as innovative potential. And then there is what I now conveniently name the Customer Confidence Impact (CCI) of both your ability to devise an efficient IT strategy, as well as how you handle their business, data and trust.
After all is said and done, you might still want to run US technology. And you might still want to use a public cloud service. If you do, be transparent about it, so your customers can choose whether or not they agree to that usage by being in business with you. Because some people are likely to take offence due to the social implications and ownership of their own data. In other words: Make sure those who communicate with you and use your services know where that data ends up.
This may not be a problem for your business and your customers. They may consider this entirely acceptable, and that is fine. Being able to make that call is part of what it means to have freedom to try out business approaches and strategies.
But if you do not communicate your usage of this service, be aware of the risks you might be incurring. The potential impact for customer confidence and public image for having misled your business associates and customers is dramatic. Just look at the level of coverage PRISM is getting and you’ll get an idea.
The door is wide open
When reviewing your strategy, keep in mind that you may require some level of ability to adapt to a changed world in the future. Nothing guarantees that better than Open Source and Open Standards. So if you have ignored this debate throughout the past years, now would be the time to take a look at the strategic reasons for the adoption of Free Software. Most importantly transparency, security, control, ability to innovate.
While for the past ten years most of the debate has been around how Open Source can provide more efficient IT at a better price for many people, PRISM has demonstrated that the strategic values of Free Software were spot on and are providing benefits for professional use of IT that proprietary software cannot hope to match.
Simultaneously the past 20 years have seen a dramatic growth of professional services in the area. Because benefits are nice in theory, but if they cannot be made use of because the support network is missing, they won’t reach the average business.
In fact, in the spirit of full disclosure, I speak of personal experience in this regard. Since 2009 I dedicated myself to building up such a business: Kolab Systems is an Open Source ISV for the Kolab Groupware Solution. We built this company because Kolab had a typical Open Source problem. Excellent concepts and technology, but a gap in professional support in services to allow wide adoption and use of that technology. That’s been fixed. We now provide support for on-site hosting as well as Kolab as a service through MyKolab.com. We even structured our corporate group to be able to take care of high security requirements in a verifiable way.
But we are of course not the only business that has built its business around combining the advantages of software freedom with professional services for its customers. There are so many businesses working on this that it would be impossible to list them all. And they provide services for customers of all sizes – up to the very largest businesses and governments of this world.
So the concerns are real, as are the advantages. And there is a plethora of professional services at your disposal to make use of the advantages and address the concerns.
The only question is whether you will make use of them.
All articles:
[ Part 1: Welcome to the Post-PRISM Society ] - The primer
[ Part 2: Totalitarian Clouds ] - The social implications
|
Posted
almost 12 years
ago
by
Andi Kallenberger
1) /etc/postfix/main.cf:
mynetworks extended to include the internal network (and possibly subnets)
- by default this was only 127.0.0.1
2) The default limits (20MB) are too low for my taste, so we set higher values (40MB).
Add to /etc/postfix/main.cf:
message_size_limit = 41943040
mailbox_size_limit = 41943040
Then restart Postfix:
service postfix restart
3) Install & configure fetchmail
apt-get install fetchmail
/etc/fetchmailrc does not exist yet, so create and edit the file. Here is an example line:
poll providerpop3 with uidl proto pop3 user provideruser there with password providerpassword is kolab3user@mydomain here keep
Allow fetchmail to start as a daemon in /etc/default/fetchmail:
START_DAEMON=yes
Start fetchmail:
service fetchmail start
4) Next steps:
- SMTP auth for sending via the provider's server (at the moment mail is sent via the existing kolab2 server, where this is not required)
- Migrate data from kolab2
- Address book
- Calendar
|
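A check for the three changes in the post above, as an added example that is not part of the original post: it flags mynetworks entries that would let non-internal hosts relay, a mailbox_size_limit below message_size_limit, and a fetchmailrc (which stores the provider password in clear text) that is accessible beyond its owner. The function names and the list of ranges treated as internal are assumptions made for this example.

```python
import ipaddress
import os
import stat

# Postfix built-in defaults, used when main.cf does not set the parameter.
DEFAULTS = {"message_size_limit": "10240000", "mailbox_size_limit": "51200000"}
# Assumed policy: only loopback and private ranges may relay without SMTP AUTH.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fc00::/7")]

def parse_main_cf(text):
    """'name = value' lines; '#' comments; a line starting with whitespace
    continues the previous value; the last definition of a name wins."""
    params, name = dict(DEFAULTS), None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] in " \t":
            if name:
                params[name] += " " + raw.strip()
        elif "=" in raw:
            name, value = (part.strip() for part in raw.split("=", 1))
            params[name] = value
    return params

def audit_main_cf(text):
    """Findings for the parameters changed in steps 1 and 2 of the post."""
    params, findings = parse_main_cf(text), []
    for entry in params.get("mynetworks", "").replace(",", " ").split():
        try:
            net = ipaddress.ip_network(entry.replace("[", "").replace("]", ""), strict=False)
        except ValueError:  # e.g. a lookup table such as hash:/path
            findings.append(f"mynetworks: review non-CIDR entry {entry!r} by hand")
            continue
        if not any(net.version == ok.version and net.subnet_of(ok) for ok in INTERNAL):
            findings.append(f"mynetworks: {entry} lets non-internal hosts relay")
    msg, box = int(params["message_size_limit"]), int(params["mailbox_size_limit"])
    # mailbox_size_limit must not be smaller than message_size_limit (0 = no mailbox limit).
    if box != 0 and box < msg:
        findings.append(f"mailbox_size_limit {box} is below message_size_limit {msg}")
    return findings

def audit_fetchmailrc(path):
    """The rc file holds the provider password in clear text (step 3)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        return [f"{path}: mode {mode:o} grants access beyond the owner"]
    return []
```

Run `audit_main_cf(open("/etc/postfix/main.cf").read())` and `audit_fetchmailrc("/etc/fetchmailrc")` after applying the steps; an empty list from each means none of the three conditions was found.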