[HN Gopher] Tech Independence
___________________________________________________________________
Tech Independence
Author : jjude
Score : 118 points
Date : 2023-09-17 15:41 UTC (7 hours ago)
(HTM) web link (sive.rs)
(TXT) w3m dump (sive.rs)
| december456 wrote:
| Teaching newbies 'independence' by downloading random untrusted
| files off the internet and running them as system admin...not a
| cool guide I would say.
| boomskats wrote:
| That derek.jpg sure looks shady.
| shepherdjerred wrote:
| Everyone has to start somewhere
| sivers wrote:
| My previous version of https://sive.rs/ti (until a few hours
| ago) had no shell script, but just walked people through every
| step. It took like 50+ hours to write up.
|
| But so many people were getting stuck and frustrated trying to
| type in all those commands, (and mistaking "l" for "1" and
| such), that I realized I could help more people have their own
| server if I put most of those steps into a shell script.
|
| Hopefully it'll be enough to give them a taste of the benefits
| of having their own server, then they can learn more about the
| steps afterwards.
| tkiolp4 wrote:
| C'mon. The scripts are public, you can inspect them before
| running them. The other alternative is to explain line by line
| the hundreds of lines in the scripts. Not very practical.
| [deleted]
| znpy wrote:
| Tech independence... then uses a third party service for outgoing
| email. Smh.
| boomskats wrote:
| Can you even host your own SMTP server in 2023 without it being
| shadow-blocklisted by default? What's your experience?
| baz00 wrote:
| It's fine until Yahoo hellbans you with no recourse for 6
| months after sending you a cryptic message in an SMTP
| response to visit a form and fill it in which you do to the
| best of your ability. Oh and inevitably there's always
| someone you need to email on Yahoo.
| johnea wrote:
| Yes, you can do it!
| wejn wrote:
| Yup. Been running my own for past two decades, still works.
| api wrote:
| True but at this point if you don't do that most e-mail servers
| will reject you.
|
| Spam pretty much destroyed e-mail as an actually open protocol.
| Spam destroys all open systems.
| neilv wrote:
| There are good reasons to use a third-party mail server, IMHO.
| (I recently made that decision again.)
|
| But the reader should be aware that these writeups of how to do
| X often involve the writer/publisher getting referral kickbacks
| from the commercial service they're describing.
|
| I'm about to be in a position of doing something like those
| writeups, as a microstartup, and I'm not entirely comfortable
| with the affiliate programs. But the companies monetizing with
| privacy-invading ubiquitous profiling trackers (sometimes
| euphemistically called "showing ads" and "analytics"), and
| otherwise selling personal data, have spoiled most potential
| willingness of readers to pay for content. So, affiliate
| programs with an obvious _potential_ conflict of interest are
| the only way I've thought of to fund the work.
| alabhyajindal wrote:
| I have been following Derek for a long time and know that he
| is not doing this for profit.
|
| More info if interested: https://sive.rs/trust
| neilv wrote:
| As in my case, there's a _potential_ conflict of interest
| with the affiliate programs. In his case, he has an
| interest in funding the trust for charitable purposes and
| maybe for his 5% drawdown.
| gsuuon wrote:
| I was going to mention this almost sounds like a Vultr ad,
| but woah that's a really clever way to go about selling a
| company.
| macNchz wrote:
| Deliverability from a cloud host IP is not going to be good.
| zrail wrote:
| You're still independent of any given service. Outgoing mail is
| effectively stateless at this scale so the cost to switch to a
| different one is ~zero.
| sivers wrote:
| My previous version of https://sive.rs/ti (until a few hours
| ago) used the built-in OpenSMTPD server for outgoing email.
|
| But then Vultr.com is not un-blocking port 25 by request
| anymore.
|
| That's why I had to switch to a SMTP service.
| jehb wrote:
| Is this really the issue that it used to be, though? I'm
| curious if I'm the only person who just doesn't send email much
| anymore in my personal life.
|
| Yes, I get a lot of email. But it's almost all transactional or
| subscription. The number of emails I send or receive with other
| humans is pretty dang low. Most institutions these days require
| using their platform for communications. Most people I care
| about who I communicate with electronically I do over SMS or
| Signal or occasionally a Mastodon message.
|
| I still own the domain, so I could easily pick up and move
| to a different mail service in probably just several minutes of
| setting up an account and changing some DNS values. So while
| not fully independent, the time spent getting outbound email
| right is going to have less impact than other changes I could
| make.
| [deleted]
| chillbill wrote:
| I'm all for tech independence. But if you need to be spoon-fed
| the instructions like this and you don't get what most of it is
| doing, YOU DON'T WANT TO DO THIS. Best case scenario you'll get
| locked out of your own stuff or important information.
|
| Yes, you should strive for that, and you start by learning.
| Contrary to popular belief, you don't need to be a Linux ninja to
| be able to host your own website and calendar.
|
| The stuff mentioned in this article is the bare minimum, and you
| should want to do it yourself without being spoon fed the steps.
|
| With that aside, this is exactly the kind of guide I would expect
| a three-letter agency contractor or worker to spread in order to
| "help you" stay off the grid, then unceremoniously drop a
| disaster on your head.
| iksm wrote:
| Totally agree. Better look for local associations that provide
| hosting services if you don't have any system administration
| knowledge. They'll help you more, and you'll waste less time
| and probably money, plus they may help you physically set
| up your devices correctly with your services hosted on their
| servers.
|
| I mean, yeah it's a minimal step by step guide that just feels
| to be the poster's own todo list... As there are many like that.
| To get some entry-point information this is great but this is
| far from being useful in practice.
|
| Basically it hides everything useful to know behind a big
| script that the intended reader is not even supposed to
| understand.
|
| I have not seen any protection for what comes from WAN,
| not even basic logging, investigation nor debugging
| methodology. No real backup methodology as well and the guide
| seems to not take system upgrades very seriously by saying "oh,
| it could run so for decades, but if you want you can do system
| upgrades".
|
| This is obviously false to any expert and a very risky
| approach. This is not how we are supposed to teach internet-
| connected services self-hosting.
| johnea wrote:
| I do agree that it's not exactly "self hosting" when you use
| vultr.com
|
| Once you've gone to all the other trouble, pay a little extra to
| the ISP for a static IP, and then any computer is your own
| "cloud"...
| reidjs wrote:
| I've read that this is potentially dangerous as you are opening
| up your home network to the Internet, is there any truth behind
| that?
| Tcepsa wrote:
| Yes, I believe that's correct. If any of the services that
| you are opening/exposing in this way contain vulnerabilities,
| those could be exploited to gain unauthorized access to the
| hosting machine. Attackers could then use the compromised
| machine as a staging area to launch attacks against other
| systems on your home network.
|
| Putting the hosted machine in a separate VLAN (like a guest
| network) can mitigate that, but it means you have to do that
| configuration correctly.
|
| (I am not confident enough in my own abilities/knowledge with
| respect to these vulnerabilities to try it, and so it may
| turn out to be very straightforward. I hope to do something
| along those lines someday but so far the risk has outweighed
| the reward for me.)
| iksm wrote:
| VLAN is not intended to be used like that. You want to rely
| on a trusted firewall you own, with separate interfaces and
| appropriate firewalling rules. This can provide an
| isolation between networks.
|
| Behind this, any pirated server could decide to send VLAN
| tagged packets that may go through the firewall if the rules
| are bad, or read any of them arriving to it.
|
| VLANs are useful if you want to "tag" packets with IDs
| going through specific interfaces for segmentation purposes.
| The tag is applied from the interface standpoint, so this
| gives a virtual segmentation between ports of machines you
| are supposed to always control, like between a port on your
| router and ports on a managed switch.
|
| In this case VLANs are configured on the router's
| interface and the switch interfaces, but the exposed server
| is not aware of it, and can't change it, so you can know
| the ID is right.
|
| It is often believed this is required to isolate
| networks; this is wrong, you just need to have separate
| interfaces.
| nik282000 wrote:
| Depending on your setup you can use dynamic DNS and save
| yourself the cost of the static IP. Either way it will always
| be cheaper per GB of storage to host at home than in 'the
| cloud.'
| harryvederci wrote:
| Ignore the snarky comments, this is a good initiative. Respect.
| iksm wrote:
| Indeed, it is a good initiative. And that may be useful.
|
| Keep in mind that there are many people self-hosting and exposing
| services to WAN that end up as spamboxes or worse from
| misconfigured bits.
|
| The thing is non-techy people would set up such a thing and get it
| running, but have no technical way to maintain it. It's a
| flying plane in automatic mode with no competent pilot inside.
| [deleted]
| anderspitman wrote:
| The author talked about this a few months ago on Tim Ferriss'
| podcast[0]. One of my favorite episodes.
|
| I'm passionate[1] about the concept but articles like this are a
| reminder to me that we need to make self hosting an order of
| magnitude simpler and accessible to more people. It shouldn't
| need to involve any CLI, DNS, TLS certs, port forwarding/NAT
| traversal, IP addresses, etc etc.
|
| Self hosting shouldn't be any more difficult or less secure than
| installing an app on your phone. The flow should be 1) install
| the "self hosting app" on an old laptop or phone. 2) Go through a
| quick OAuth2 flow to connect your app to a tunnel that enables
| inbound traffic. 3) Use the self hosting app to install other
| apps like Jellyfin, Calendar, Nextcloud, etc. Everything should
| be sandboxed (containers work pretty well on Linux and Windows
| 10/11 via WSL2) and secure by default. Automatic backups (ideally
| an OAuth2 flow to your friends' self hosted installations) and
| auto app updates are table stakes.
|
| There's no technical reason this can't all be done, but lots of
| technical challenges, and it's unclear whether anyone will pay
| for tunnels. I'm currently trying to figure out how to do
| reliable auto backups without filesystem snapshots.
|
| [0]: https://youtu.be/0BaDQCjqUHU?si=0wDf-2RH-u9vdm3g&t=1380
|
| [1]: https://github.com/anderspitman/awesome-tunneling
| lifty wrote:
| I agree. I think people have just been used to the current
| state of affairs in managing servers. There's no reason why
| they can't be like appliances or mobile OSes.
| noman-land wrote:
| Let's do this. There's literally no reason not to. It could even
| be a small standalone appliance that you plug in. It could be
| no bigger than a Mac charging brick, and could even function as
| one.
|
| We have to divorce society from these abusive corporate cloud
| relationships. It made sense 20 years ago. It is actively
| poisonous today.
|
| We can easily make a turnkey opt-in peer to peer cloud using
| today's consumer grade open hardware and software, much of it
| default off the shelf.
| baz00 wrote:
| Relying on your cloud provider's backup / restore solution is not
| a backup.
| alabhyajindal wrote:
| I love this article.
|
| The section 'More Indie Tips' is great, especially if you don't
| plan to follow the guide: https://sive.rs/ti#indie
| koch wrote:
| I really can't believe there doesn't exist a good "home box."
|
| There should be a product that you can buy (a computer) that you
| bring home, plug in, set up via your phone or computer that:
|
| - can host websites
|
| - can store your files and sync them to other devices
|
| - control your home automation
|
| - host your email
|
| - anything else you might otherwise put on a server
|
| And does it all EASILY with a simple phone or web UI.
|
| Yes I know you can actually buy a computer or server or Raspberry
| Pi and put something like NextCloud or Home Assistant et al. on
| it, but the real barrier imo is the setup and configuration. Even
| I don't do all this because it seems daunting to configure all of
| it, and I consider myself a pretty technical person. I really
| just want to buy a box, plug it in, and like select which apps I
| want to use, and then it starts working for me.
| New_California wrote:
| But there is: https://umbrel.com/ (except for hosting email
| which is not realistic anymore).
| koch wrote:
| This looks about like what I want! I may give it a go...
| infogulch wrote:
| Looks nice, but the marketing design ('make it just like
| Apple') doesn't match the product they're selling. Apple is
| technology for people afraid of technology, but self hosting
| is decidedly not for a technologically afraid audience.
|
| How will they pay for maintaining all the apps and making
| sure that they are properly integrated into the platform as
| they get updated?
| holri wrote:
| https://www.olimex.com/Products/OLinuXino/Home-Server/Pionee...
|
| https://freedombox.org/
| pizzafeelsright wrote:
| The NAS box from Synology does all this. Except the phone part.
| Email self hosted might as well be impossible.
| ricardobeat wrote:
| Synology boxes do all of that, except e-mail [1], and the web
| UI is quite decent.
|
| [1] it's quite difficult to run your own e-mail servers these
| days, making it trusted by the rest of the world is a lot of
| work
| alabhyajindal wrote:
| Exactly. That would be great. But I think a large portion of
| the target audience of the home box would rather set this up
| themselves.
|
| Or not. I would much rather have something commercial (built on
| open source) like this so I can be more at ease that my data is
| safe, compared to doing everything myself.
| [deleted]
| ojbyrne wrote:
| Minor quibble/correction request - the FreeFileSync section
| (Windows specific) includes some Mac-specific instructions in
| Step 8.
| akavel wrote:
| FWIW, I recently found a VPS offering for $1.41/month (!) @ 1.5GB
| RAM & 30GB HDD via https://lowendbox.com/, at
| https://my.racknerd.com/index.php?rp=/store/black-friday-202...
| (please note I have no idea how reliable it is though!). I
| managed to deploy NixOS there through nixos-infect
| (https://github.com/elitak/nixos-infect), and then further
| configure it with NixOps. That said, using NixOps does currently
| require a Linux (or Mac, probably) box as the managing one, and
| some Nix-fu, which is definitely non-trivial. A draft (WIP)
| writeup on that, if you're interested:
| https://github.com/akavel/scribbles/blob/main/_drafts/202308...
___________________________________________________________________
(page generated 2023-09-17 23:01 UTC)