Self-Hosting Isn't a Solution; It's A Patch (matduggan.com)
from tux0r@feddit.org to selfhosted@lemmy.world on 22 Nov 2024 14:31
https://feddit.org/post/4989222

#selfhosted

threaded - newest

fear025@lemm.ee on 22 Nov 2024 14:36 next collapse

Either that, or it’s the new way of installing applications on your own computer. These just happen to be web accessible.

BearOfaTime@lemm.ee on 22 Nov 2024 14:44 collapse

Also, Trust, but Verify.

Even if we had fantastic regulations, we’d still have scammers and hackers out there.

If my data never leaves my systems, my risk of exposure is far smaller.

ptz@dubvee.org on 22 Nov 2024 14:43 next collapse

I’ve self hosted long before the privacy/subscription nightmare of modern cloud/SaaS platforms was a thing. I do it because I enjoy it (and at the time I got started, I had crap internet so having good local services like offline Wikipedia was important).

Not everyone has to self-host. I run lots of services, mostly for myself, but friends and family who don’t know a kernel driver from a school bus driver also use them. So the expectation that everyone self host is and always has been “pie in the sky”. And that’s okay.

Privacy regulations are all fine and dandy, but even with the strictest ones in place, you still do not own or control your data. You’re still subscribing to services instead of owning software. You can’t extend, modify, or customize hosted software. Self hosting FOSS applications addresses all of those.

So rather than expect everyone to self-host, we should be working towards communities offering services to one another, pooling resources, and letting those interoperate with each other.

To make fun of an old moral panic in the 90s: “It’s 11pm. Do you know where your data is?” Yep, it’s down the street in Matt’s house.

jet@hackertalks.com on 22 Nov 2024 14:50 next collapse

Right. I think the real vision isn’t that every single person self-hosts, but every community has somebody in it who does the self-hosting for the community. Everybody can be independent like villages instead of totally centralized like empires

tux0r@feddit.org on 22 Nov 2024 14:55 collapse

every community has somebody in it who does the self-hosting for the community

That’s what (e.g.) Google and Facebook do: Host software for the community.

jet@hackertalks.com on 22 Nov 2024 15:00 next collapse

And if you’re one of the people who can crack a beer open with the owners of Google, then you found your right community.

However, in the general case, I don’t think these count as any individuals communities. You can’t rub elbows with the people maintaining Google and Facebook. You can’t talk to them about issues you’re having, they’re not going to dynamically modify the system for special cases that are important to your community. A community is a group of people who know each other.

BearOfaTime@lemm.ee on 22 Nov 2024 15:06 next collapse

They host software for anyone to use, and capture all the data, usage patterns, etc, for themselves, to use for their benefit, and to use against you.

Hell, Google deleted a company’s entire dataset recently. Everything. They gave the police location data on an area and a random person, for no reason other than happening to be in the area, was arrested for murder. Nevermind that they biked through that area every day. Remember Facebook tracking pixels? Cambridge Analytica (which is currently in court)? I mean I can go on and on about how FAANG is abusive and dishonest.

And you want to sit here and tell me they’re the answer?

Are you just an apologist for FAANG, etc? Because you’re really sounding like one at this point.

Who’s paying you to post this disinformation?

tux0r@feddit.org on 22 Nov 2024 15:14 collapse

They host software for anyone to use, and capture all the data, usage patterns, etc, for themselves, to use for their benefit, and to use against you.

So I guess that we can agree that data stored on other people’s computers will not be safe. I honestly wonder why you think other people’s computers are safer if you know their names.

And you want to sit here and tell me they’re the answer?

I would be very grateful if you would only judge what I have written and not what you think I might have meant.

Are you just an apologist for FAANG, etc?

There is no reason to attack me personally, my friend.

Who’s paying you to post this disinformation?

Just in case I’m fundamentally misunderstanding your personal attack so I don’t report it to the moderators without cause: What is ‘disinformation’ about my pointing out that Google and Facebook host software for other people (even if they have their own motives)?

eskuero@lemmy.fromshado.ws on 22 Nov 2024 15:10 collapse

That’s like saying a farmer will put cheese on a piece of cardboard for the mice to eat.

They might eat it yes, but that wasnt the reason for the whole interaction to start. The glue around the cheese was.

tux0r@feddit.org on 22 Nov 2024 15:16 collapse

I’m glad that you see my point that “other people hosting your data” is not really a good idea.

eskuero@lemmy.fromshado.ws on 22 Nov 2024 15:24 collapse

If you expect your IT cousin/uncle/brother hosting the family immich/nextcloud to not be a trusted person in regards of bad actors your issue is not exclusive to selfhosting.

tux0r@feddit.org on 22 Nov 2024 14:54 next collapse

You can’t extend, modify, or customize hosted software. Self hosting FOSS applications addresses all of those.

But:

rather than expect everyone to self-host, we should be working towards communities offering services to one another

How exactly are “communities offering services” a different thing than “hosted software”?

ptz@dubvee.org on 22 Nov 2024 14:58 next collapse

How exactly are “communities offering services” a different thing than “hosted software”?

It’s a lot easier to ask Matt down the street to customize or add a feature than it is to ask Google, FB, etc.

Case in point: I’ve run my own email server since 2013 or so. I’ve got friends and family that use it. One of my friends asked if there was any way to setup rules to filter emails and such. I was like “yep” and added on Sieve to Dovecot and setup the webmail (Roundcube at the time) with the Sieve plugin.

Granted, that’s a pretty basic feature that pretty much all commercial email providers offer, but the point is someone asked for it and I made it happen for them.

Prunebutt@slrpnk.net on 22 Nov 2024 15:08 collapse

Also: Matt probably won’t sell my data to Palantir and ad tech businesses.

schizo@forum.uncomfortable.business on 22 Nov 2024 15:02 next collapse

How exactly are “communities offering services” a different thing than “hosted software”?

I think what they’re saying is that the ideal wouldn’t be to force everyone to host their own, but rather for the people who want to run stuff to offer them to their friends and family.

Kinda like how your mechanic neighbor sometimes helps you do shit on your car: one person shares a skill they have, and the other person also benefits. And then later your neighbor will ask you to babysit their kids, and shit.

Basically: a very very goofy way of saying “Hey! Do nice things for your friends and family, because that’s kinda how life used to work.”

BearOfaTime@lemm.ee on 22 Nov 2024 15:03 collapse

Trust.

I trust my brother more than Google. Same with Jim down the street.

I trust my circle of acquaintances more than Google (et al) , especially since Google (et al) have demonstrated, repeatedly, to be untrustworthy.

In fact, they’ve demonstrated they are outright adversarial to me and mine.

schizo@forum.uncomfortable.business on 22 Nov 2024 15:07 next collapse

Privacy regulations are all fine and dandy, but even with the strictest ones in place,

They’re also subject to interpretation, regulatory capture, as well as just plain being ignored when it’s sufficiently convenient for the regulators to do so.

“There ought to be a law!” is nice, but it’s not a solution when there’s a good couple of centuries of modern regulatory frameworks having had existed, and a couple centuries of endless examples of where absolutely none of it matters when sufficient money and power is in play.

Like, for example, the GDPR: it made a lot of shit illegal under penalty of company-breaking penalties.

So uh, nobody in the EU has had their personal data misused since it was passed? And all the big data brokers that are violating it have been fined out of business?

And this is, of course, ignoring the itty bitty little fact that you have to be aware of the misuse of the data: if some dude does some shady shit quietly, then well, nobody knows it happened to even bring action?

tburkhol@lemmy.world on 22 Nov 2024 16:19 collapse

Exactly. I’m just here to say that regulation isn’t a solution to corporate malfeasance - at best it is a patch until the corp lawyers figure out where the loopholes are or how to accomplish the malfeasance in a different way.

cron@feddit.org on 22 Nov 2024 15:30 collapse

I can and do self host, but I’m not willing to provide these services for free. I don’t want to be responsible for other peoples passwords or family photos.

Thats where good, privacy-respecting services come into play. Instead of hosting for my neighbours, I would recommend mailbox.org, bitwarden, ente or a hosted nextcloud.

ptz@dubvee.org on 22 Nov 2024 15:39 next collapse

That’s okay, too.

For me, I only let people I know use them (friends and family) with the exception of my Lemmy instance, of course (and even that’s not wide open to the world).

I’d be running these for myself whether anyone else used them or not. Unless I’m hosting for hundreds of people, the cost to run these services is the same as it is just for myself. Granted, I don’t have people gaming the system trying to backup their entire PCs to their email inbox or Nextcloud, but that’s where the trust factor (and storage quotas) comes in.

As far as being responsible for all that goes, again, the small audience of people I know personally lets me explain that it’s all “best effort”. That said, I do take my own backups and high availability seriously and they benefit from that.

tux0r@feddit.org on 22 Nov 2024 17:41 collapse

Note that you don’t know what the hosters know, store and/or sell about you.

cron@feddit.org on 22 Nov 18:05 collapse

There is no way to be 100% sure, but:

  • bitwarden and ente have open source clients that ecrypt all data locally in a way that the provider can’t restore data
  • nextcloud isn’t optimal, while you can encypt data at rest, the provider might be able to spy on you
  • With mail providers it is difficult, but mailbox.org has my (personal) trust by building their business model on data protection and open source
CarbonatedPastaSauce@lemmy.world on 22 Nov 2024 15:12 next collapse

It’s a solution for me. 🤷

He’s right we need laws. He’s wrong that it’s a relief valve or that we take pressure off the heinous privacy violators. We aren’t even a rounding error to them. They don’t care.

AbouBenAdhem@lemmy.world on 22 Nov 2024 15:15 next collapse

the tech community keeps waiting for everyday people to take the baton of self-hosting. They never will—because the effort and cost of maintaining self-hosted services far exceeds the skill and interest of the audience.

The same argument could have been used a century ago to claim that everyday people would never switch from trains to private cars, because the effort and cost of maintaining a car exceeds the skill and interest of most travelers. That may have been true at one point, and may be true again in the future—but it’s contingent on changing circumstances, not a categorical truth.

Showroom7561@lemmy.ca on 22 Nov 2024 16:42 next collapse

Nah, self-hosting is still a solution. And when I self-host, I don’t even need an internet connection to access my files, movies, photos, security cameras, etc.

Yes, we can fix privacy laws, and put in a lot of faith that they will be followed or that our data won’t be lost/sold. But I think everyone benefits when they are in control of their own data.

What we need are more accessible self-hosting options so that even computer n00bs can set up and cut ties with these mega corps.

Pika@sh.itjust.works on 22 Nov 17:56 next collapse

before I read the article, I wholeheartedly disagree with the title.

Self-Hosting not only brings control back into your own hands, but also hones your skills at the same time.

OK so after reading I do agree partially with the regulation aspect, but from a privacy POV all of that is fixed by just not storing PII, I run multiple services in my stack, and the most info I collect on someone is their email, which they defo could just opt out of which I would delete off the system.

As for the cost and labor. It’s really not that difficult, my stack consists of Game servers (a mix of them primarily survival based like ark), email hosting for myself and some friends + no reply services for other internal services, my media stack, my file server, the firewall, a reverse proxy manager and my own programming projects/sites. Honestly the hardest part was the networking aspect of it, learning how to use proxmox was a trip because I hadn’t used a containerized environment before outside of docker.

I think this articles being disingenuous with the no paycheck, there is more to Value than a paycheck. My self hosting while I may not be being paid for it, if I were to put my current setup on to remote hosting I would probably be paying roughly $150 to $200 a month for a private VPS this system allowed me to just spend $700 as a one-off and then minor maintenance costs if something failed, which for a project I intend to keep running regardless its the cheaper option.

As for the ideology of decentralization, yes there is some issues in regards to reliability, obviously these smaller side projects for self hosting aren’t going to have the redundancies that the “proper” hosting is going to have. Like for example just last night my service went down because I lost power for about an hour and a half and my battery standby only had enough power for about 45 minutes of it. Being as most of my stuff is more personal based I’m not too concerned about the downtime but I could definitely see if it was a large scale project like a lemmy server it would be a little more distasteful.

Max_P@lemmy.max-p.me on 23 Nov 01:29 next collapse

I think it’s not as much as we expect everyone to host theirs themselves, but that it’s possible at all so multiple companies can compete without having to start from scratch.

Sure there will be hobbyists that do it, but already just on Lemmy users already have the freedom of going with lemmy.ml, lemmy.world, SJW, lemm.ee and plenty more.

It’s about spreading the risk and having alternatives to run to.

MangoPenguin@lemmy.blahaj.zone on 24 Nov 20:26 collapse

I’m confused because the article talks about self hosting on a VPS and how many self hosted services could stand up to legal action?

That sounds like it’s describing running a public service for others. Self-hosting IMO is running something for yourself, it doesn’t even need to be on the public internet 99% of the time.

Running a service for others is just plain old hosting.